Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 5/23/2015 9:30:27 AM

CVE Publication rate: 11.17

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 5.77
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2015-0750

Summary: The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.

Published: 5/22/2015 9:59:00 PM

CVE-2015-0916

Summary: SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.

Published: 5/21/2015 8:59:02 PM

CVSS Severity: 6.5 MEDIUM
CVE-2015-0915

Summary: Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.

Published: 5/21/2015 8:59:01 PM

CVSS Severity: 4.3 MEDIUM
CVE-2015-0746

Summary: The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

Published: 5/21/2015 8:59:00 PM

CVSS Severity: 5.0 MEDIUM
CVE-2015-4018

Summary: SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.

Published: 5/21/2015 4:59:02 PM

CVSS Severity: 6.5 MEDIUM
CVE-2015-3647

Summary: Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.

Published: 5/21/2015 4:59:01 PM

CVSS Severity: 4.3 MEDIUM
CVE-2012-1978

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.

Published: 5/21/2015 4:59:00 PM

CVSS Severity: 6.8 MEDIUM
CVE-2015-3912

Summary: Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.

Published: 5/21/2015 3:59:01 PM

CVSS Severity: 5.0 MEDIUM
CVE-2015-3911

Summary: Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors.

Published: 5/21/2015 3:59:00 PM

CVSS Severity: 9.0 HIGH
CVE-2015-0742

Summary: The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398.

Published: 5/21/2015 6:59:02 AM

CVSS Severity: 5.0 MEDIUM
CVE-2015-0741

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

Published: 5/21/2015 6:59:00 AM

CVSS Severity: 6.8 MEDIUM
CVE-2015-3036

Summary: Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.

Published: 5/20/2015 9:59:27 PM

CVSS Severity: 10.0 HIGH
CVE-2015-4000

Summary: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Published: 5/20/2015 8:59:00 PM

CVSS Severity: 4.3 MEDIUM
CVE-2015-3141

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an SMTP domain or (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.

Published: 5/20/2015 3:59:02 PM

CVSS Severity: 6.8 MEDIUM
CVE-2012-4902

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.

Published: 5/20/2015 3:59:01 PM

CVSS Severity: 6.8 MEDIUM
CVE-2012-4901

Summary: Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter an add_template action to admin/index.php.

Published: 5/20/2015 3:59:00 PM

CVSS Severity: 4.3 MEDIUM
CVE-2015-4016

Summary: The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.

Published: 5/20/2015 2:59:08 PM

CVSS Severity: 5.0 MEDIUM
CVE-2015-3999

Summary: Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.

Published: 5/20/2015 2:59:07 PM

CVSS Severity: 2.1 LOW
CVE-2015-3990

Summary: The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.

Published: 5/20/2015 2:59:05 PM

CVSS Severity: 9.0 HIGH
CVE-2015-1188

Summary: The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.

Published: 5/20/2015 2:59:04 PM

CVSS Severity: 10.0 HIGH