NVD

2022-23 Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2022-39226 - Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website ... read CVE-2022-39226
Published: September 29, 2022; 4:15:13 PM -0400

V3.1: 4.3 MEDIUM
CVE-2022-25315 - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Published: February 18, 2022; 12:15:08 AM -0500

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-25314 - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Published: February 18, 2022; 12:15:08 AM -0500

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-29260 - libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
Published: September 02, 2022; 7:15:08 PM -0400

V3.1: 7.5 HIGH
CVE-2018-17766 - Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
Published: September 09, 2020; 3:15:15 PM -0400

V3.1: 4.6 MEDIUM
V2.0: 2.1 LOW
CVE-2018-17765 - Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N.
Published: September 09, 2020; 3:15:15 PM -0400

V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2020-1941 - In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Published: May 14, 2020; 1:15:12 PM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-11973 - Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
Published: May 14, 2020; 1:15:12 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-15606 - Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Published: February 07, 2020; 10:15:11 AM -0500

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-0549 - Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Published: January 27, 2020; 8:15:12 PM -0500

V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-6461 - Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: May 21, 2020; 12:15:11 AM -0400

V3.1: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2020-6460 - Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
Published: May 21, 2020; 12:15:11 AM -0400

V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-6458 - Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published: May 21, 2020; 12:15:10 AM -0400

V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-6457 - Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Published: May 21, 2020; 12:15:10 AM -0400

V3.1: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2019-10173 - It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarsh... read CVE-2019-10173
Published: July 23, 2019; 9:15:13 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-12973 - In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
Published: June 26, 2019; 2:15:10 PM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-3773 - Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Published: January 18, 2019; 5:29:01 PM -0500

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-43462 - A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
Published: April 04, 2022; 12:15:08 PM -0400

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-43456 - An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.
Published: April 04, 2022; 11:15:09 AM -0400

V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-6466 - Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Published: May 21, 2020; 12:15:11 AM -0400

V3.1: 9.6 CRITICAL
V2.0: 6.8 MEDIUM

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database