National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-1962 - Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile... read CVE-2021-1962
    Published: September 09, 2021; 4:15:25 AM -0400

    V3.1: 6.7 MEDIUM
     V2.0: 4.6 MEDIUM

  • CVE-2021-1961 - Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & ... read CVE-2021-1961
    Published: September 09, 2021; 4:15:25 AM -0400

    V3.1: 6.7 MEDIUM
     V2.0: 4.6 MEDIUM

  • CVE-2021-40223 - Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor... read CVE-2021-40223
    Published: September 09, 2021; 8:15:10 AM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-40222 - Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Con... read CVE-2021-40222
    Published: September 09, 2021; 8:15:10 AM -0400

    V3.1: 7.2 HIGH
     V2.0: 9.0 HIGH

  • CVE-2021-26603 - A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
    Published: September 09, 2021; 8:15:08 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-34709 - Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an auth... read CVE-2021-34709
    Published: September 09, 2021; 1:15:10 AM -0400

    V3.1: 6.4 MEDIUM
     V2.0: 6.9 MEDIUM

  • CVE-2021-39251 - A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-35267 - NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-35266 - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-33287 - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39257 - A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:08 AM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 4.7 MEDIUM

  • CVE-2021-39256 - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:08 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39254 - A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39253 - A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39258 - A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:08 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-34718 - A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments tha... read CVE-2021-34718
    Published: September 09, 2021; 1:15:11 AM -0400

    V3.1: 8.1 HIGH
     V2.0: 8.5 HIGH

  • CVE-2021-35976 - The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the li... read CVE-2021-35976
    Published: September 10, 2021; 8:15:13 AM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-33256 - ** DISPUTED ** A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could b... read CVE-2021-33256
    Published: August 09, 2021; 10:15:31 AM -0400

    V3.1: 8.8 HIGH
     V2.0: 9.3 HIGH

  • CVE-2021-1106 - NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data ... read CVE-2021-1106
    Published: August 11, 2021; 6:15:07 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2021-1107 - NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.
    Published: August 11, 2021; 6:15:08 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM