U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD



NVD API Key Logo
NVD API Key
Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-43390 - An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of inpu... read CVE-2021-43390
    Published: November 14, 2021; 4:15:08 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-9704 - Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
    Published: March 11, 2019; 9:29:00 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2019-7164 - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
    Published: February 19, 2019; 7:29:00 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2019-7665 - In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note doe... read CVE-2019-7665
    Published: February 09, 2019; 11:29:00 AM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2019-7638 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
    Published: February 08, 2019; 6:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7637 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
    Published: February 08, 2019; 6:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7636 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
    Published: February 08, 2019; 6:29:00 AM -0500

    V3.1: 8.1 HIGH
     V2.0: 5.8 MEDIUM

  • CVE-2019-7635 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
    Published: February 08, 2019; 6:29:00 AM -0500

    V3.1: 8.1 HIGH
     V2.0: 5.8 MEDIUM

  • CVE-2019-7578 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
    Published: February 07, 2019; 2:29:01 AM -0500

    V3.1: 8.1 HIGH
     V2.0: 5.8 MEDIUM

  • CVE-2019-7577 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
    Published: February 07, 2019; 2:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7576 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
    Published: February 07, 2019; 2:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7575 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
    Published: February 07, 2019; 2:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7574 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
    Published: February 07, 2019; 2:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7573 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
    Published: February 07, 2019; 2:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7572 - SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
    Published: February 07, 2019; 2:29:00 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7548 - SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
    Published: February 06, 2019; 4:29:01 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-7150 - An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted ... read CVE-2019-7150
    Published: January 28, 2019; 7:29:00 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2018-20482 - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be arch... read CVE-2018-20482
    Published: December 26, 2018; 1:29:00 PM -0500

    V3.1: 4.7 MEDIUM
     V2.0: 1.9 LOW

  • CVE-2015-6815 - The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspeci... read CVE-2015-6815
    Published: January 31, 2020; 5:15:11 PM -0500

    V3.1: 3.5 LOW
     V2.0: 2.7 LOW

  • CVE-2015-5278 - The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
    Published: January 23, 2020; 3:15:11 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM