NVD

NVD Release of CVMAP

CVSS Version 3.1 Official Support!

New NVD CVE/CPE API and Legacy SOAP Service Retirement!

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2020-14878 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physi... read CVE-2020-14878
Published: October 21, 2020; 11:15:25 AM -0400

V3.1: 8.0 HIGH
V2.0: 7.7 HIGH
CVE-2020-14879 - Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privi... read CVE-2020-14879
Published: October 21, 2020; 11:15:25 AM -0400

V3.1: 8.5 HIGH
V2.0: 7.5 HIGH
CVE-2020-14875 - Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated ... read CVE-2020-14875
Published: October 21, 2020; 11:15:24 AM -0400

V3.1: 9.1 CRITICAL
V2.0: 9.4 HIGH
CVE-2020-14873 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple ... read CVE-2020-14873
Published: October 21, 2020; 11:15:24 AM -0400

V3.1: 4.4 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2020-14872 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastruct... read CVE-2020-14872
Published: October 21, 2020; 11:15:24 AM -0400

V3.1: 8.2 HIGH
V2.0: 7.2 HIGH
CVE-2020-14871 - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access vi... read CVE-2020-14871
Published: October 21, 2020; 11:15:24 AM -0400

V3.1: 10.0 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-14870 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p... read CVE-2020-14870
Published: October 21, 2020; 11:15:24 AM -0400

V3.1: 4.9 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2020-14869 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker wi... read CVE-2020-14869
Published: October 21, 2020; 11:15:24 AM -0400

V3.1: 4.9 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2020-7590 - A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded pas... read CVE-2020-7590
Published: October 13, 2020; 12:15:21 PM -0400

V3.1: 6.4 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-3991 - VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin p... read CVE-2020-3991
Published: October 16, 2020; 10:15:12 AM -0400

V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-24408 - Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to ex... read CVE-2020-24408
Published: October 16, 2020; 11:15:11 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-26934 - phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
Published: October 10, 2020; 3:15:12 PM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-3317 - A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspect... read CVE-2020-3317
Published: October 21, 2020; 3:15:15 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-16927 - A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
Published: October 16, 2020; 7:15:15 PM -0400

V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2020-16968 - A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16967.
Published: October 16, 2020; 7:15:16 PM -0400

V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-10138 - Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSS... read CVE-2020-10138
Published: October 21, 2020; 10:15:15 AM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-14795 - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with net... read CVE-2020-14795
Published: October 21, 2020; 11:15:19 AM -0400

V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-14824 - Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerabi... read CVE-2020-14824
Published: October 21, 2020; 11:15:21 AM -0400

V3.1: 8.6 HIGH
V2.0: 7.8 HIGH
CVE-2020-14825 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker wit... read CVE-2020-14825
Published: October 21, 2020; 11:15:21 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-14826 - Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker... read CVE-2020-14826
Published: October 21, 2020; 11:15:21 AM -0400

V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database