National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-22882 - UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
    Published: February 23, 2021; 2:15:13 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-7846 - Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.
    Published: February 24, 2021; 11:15:14 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-21616 - Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
    Published: February 24, 2021; 11:15:14 AM -0500

    V3.1: 4.6 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-21618 - Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    Published: February 24, 2021; 11:15:14 AM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-21619 - Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the secur... read CVE-2021-21619
    Published: February 24, 2021; 11:15:14 AM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-21621 - Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some ... read CVE-2021-21621
    Published: February 24, 2021; 11:15:15 AM -0500

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2021-21622 - Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
    Published: February 24, 2021; 11:15:15 AM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-27645 - The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the ... read CVE-2021-27645
    Published: February 24, 2021; 10:15:13 AM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.9 MEDIUM

  • CVE-2021-20247 - A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to acce... read CVE-2021-20247
    Published: February 23, 2021; 2:15:13 PM -0500

    V3.1: 7.4 HIGH
     V2.0: 5.8 MEDIUM

  • CVE-2020-11223 - Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
    Published: February 22, 2021; 2:15:14 AM -0500

    V3.1: 7.8 HIGH
     V2.0: 7.2 HIGH

  • CVE-2021-3355 - A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
    Published: February 24, 2021; 10:15:13 AM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-26683 - A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated ... read CVE-2021-26683
    Published: February 23, 2021; 1:15:13 PM -0500

    V3.1: 7.2 HIGH
     V2.0: 9.0 HIGH

  • CVE-2020-14359 - A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we ... read CVE-2020-14359
    Published: February 23, 2021; 8:15:12 AM -0500

    V3.1: 7.3 HIGH
     V2.0: 7.5 HIGH

  • CVE-2021-22651 - When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the ... read CVE-2021-22651
    Published: February 23, 2021; 1:15:13 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-20252 - A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently ... read CVE-2021-20252
    Published: February 23, 2021; 6:15:13 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 6.8 MEDIUM

  • CVE-2021-20198 - A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubele... read CVE-2021-20198
    Published: February 23, 2021; 1:15:13 PM -0500

    V3.1: 8.1 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-20182 - A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utiliz... read CVE-2021-20182
    Published: February 23, 2021; 5:15:12 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-27782 - A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this ... read CVE-2020-27782
    Published: February 23, 2021; 2:15:13 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 7.8 HIGH

  • CVE-2021-26684 - A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated ... read CVE-2021-26684
    Published: February 23, 2021; 1:15:13 PM -0500

    V3.1: 7.2 HIGH
     V2.0: 9.0 HIGH

  • CVE-2021-3252 - KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been pro... read CVE-2021-3252
    Published: February 23, 2021; 10:15:15 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM