Mission and Overview
NVD is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 5/28/2016 3:58:51 PM

CVE Publication rate: 20.23

Email List

NVD provides four mailing lists to the public. For information and subscription instructions, please visit NVD Mailing Lists.

Workload Index
Vulnerability Workload Index: 12.5
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2016-1413

Summary: The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.

Published: 5/27/2016 9:59:02 PM

CVE-2016-1410

Summary: Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

Published: 5/27/2016 9:59:01 PM

CVE-2016-1379

Summary: Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.

Published: 5/27/2016 9:59:00 PM

CVE-2016-3681

Summary: Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021.

Published: 5/26/2016 12:59:02 PM

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH
CVE-2016-3680

Summary: Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020.

Published: 5/26/2016 12:59:01 PM

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH
CVE-2016-0718

Summary: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Published: 5/26/2016 12:59:00 PM

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH
CVE-2016-1385

Summary: The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.

Published: 5/26/2016 11:59:01 AM

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.8 MEDIUM
CVE-2015-7360

Summary: Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."

Published: 5/26/2016 11:59:00 AM

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM
CVE-2016-4792

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors.

Published: 5/26/2016 10:59:08 AM

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM
CVE-2016-4791

Summary: The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.

Published: 5/26/2016 10:59:07 AM

CVSS Severity: v3 - 8.6 HIGH      v2 - 6.4 MEDIUM
CVE-2016-4790

Summary: Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 5/26/2016 10:59:06 AM

CVSS Severity: v3 - 5.5 MEDIUM      v2 - 3.5 LOW
CVE-2016-4789

Summary: Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 5/26/2016 10:59:05 AM

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM
CVE-2016-4788

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.

Published: 5/26/2016 10:59:04 AM

CVSS Severity: v3 - 5.8 MEDIUM      v2 - 5.0 MEDIUM
CVE-2016-4787

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.

Published: 5/26/2016 10:59:03 AM

CVSS Severity: v3 - 10.0 CRITICAL      v2 - 6.4 MEDIUM
CVE-2016-4786

Summary: Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Published: 5/26/2016 10:59:02 AM

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH
CVE-2016-4021

Summary: The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

Published: 5/26/2016 10:59:01 AM

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH
CVE-2016-2784

Summary: CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.

Published: 5/26/2016 10:59:00 AM

CVSS Severity: v3 - 4.7 MEDIUM      v2 - 2.6 LOW
CVE-2016-4575

Summary: Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.

Published: 5/25/2016 11:59:06 AM

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM
CVE-2016-4020

Summary: The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Published: 5/25/2016 11:59:04 AM

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 2.1 LOW
CVE-2016-1887

Summary: Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.

Published: 5/25/2016 11:59:03 AM

CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH