National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS 3.1 Official Support!
CVSS Version 3.1 Official Support!
<strong>New NVD CVE/CPE API and Legacy SOAP Service Retirement!</strong>
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2013-0760 — Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
    Published: January 13, 2013; 03:55:02 PM -05:00

        V2: 9.3 HIGH

  • CVE-2011-0695 — Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers a... read CVE-2011-0695
    Published: March 15, 2011; 01:55:04 PM -04:00

        V2: 5.7 MEDIUM

  • CVE-2011-1012 — The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero... read CVE-2011-1012
    Published: March 01, 2011; 06:00:03 PM -05:00

        V2: 4.9 MEDIUM

  • CVE-2020-9490 — Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via... read CVE-2020-9490
    Published: August 07, 2020; 12:15:12 PM -04:00

    V3.1: 7.5 HIGH
         V2: 5.0 MEDIUM

  • CVE-2020-16168 — Temi firmware 20190419.165201 does not properly verify that the source of data or communication is valid, aka an Origin Validation Error.
    Published: August 07, 2020; 09:15:10 AM -04:00

    V3.1: 6.5 MEDIUM
         V2: 4.3 MEDIUM

  • CVE-2011-1016 — The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphi... read CVE-2011-1016
    Published: February 28, 2011; 11:00:01 AM -05:00

        V2: 1.9 LOW

  • CVE-2011-0999 — mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consump... read CVE-2011-0999
    Published: February 23, 2011; 02:00:02 PM -05:00

        V2: 4.9 MEDIUM

  • CVE-2011-0712 — Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device n... read CVE-2011-0712
    Published: February 18, 2011; 03:00:09 PM -05:00

        V2: 7.2 HIGH

  • CVE-2020-8026 — A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUS... read CVE-2020-8026
    Published: August 07, 2020; 06:15:11 AM -04:00

    V3.1: 7.8 HIGH
         V2: 7.2 HIGH

  • CVE-2020-13365 — Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AAS... read CVE-2020-13365
    Published: August 06, 2020; 01:15:10 PM -04:00

    V3.1: 8.8 HIGH
         V2: 9.0 HIGH

  • CVE-2020-13364 — A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.... read CVE-2020-13364
    Published: August 06, 2020; 01:15:10 PM -04:00

    V3.1: 8.8 HIGH
         V2: 9.0 HIGH

  • CVE-2020-6070 — An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can pro... read CVE-2020-6070
    Published: August 10, 2020; 10:15:13 AM -04:00

    V3.1: 7.8 HIGH
         V2: 6.8 MEDIUM

  • CVE-2020-7357 — Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in... read CVE-2020-7357
    Published: August 06, 2020; 12:15:13 PM -04:00

    V3.1: 9.9 CRITICAL
         V2: 9.0 HIGH

  • CVE-2020-8224 — A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
    Published: August 10, 2020; 10:15:13 AM -04:00

    V3.1: 7.8 HIGH
         V2: 4.6 MEDIUM

  • CVE-2020-6012 — ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched... read CVE-2020-6012
    Published: August 04, 2020; 10:15:11 AM -04:00

    V3.1: 4.7 MEDIUM
         V2: 1.9 LOW

  • CVE-2020-8229 — A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
    Published: August 10, 2020; 10:15:13 AM -04:00

    V3.1: 5.5 MEDIUM
         V2: 4.9 MEDIUM

  • CVE-2020-15133 — In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` UR... read CVE-2020-15133
    Published: July 31, 2020; 02:15:14 PM -04:00

    V3.1: 8.7 HIGH
         V2: 5.8 MEDIUM

  • CVE-2020-5412 — Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting th... read CVE-2020-5412
    Published: August 07, 2020; 05:15:10 PM -04:00

    V3.1: 6.5 MEDIUM
         V2: 4.0 MEDIUM

  • CVE-2019-7005 — A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7... read CVE-2019-7005
    Published: August 07, 2020; 06:15:12 PM -04:00

    V3.1: 7.5 HIGH
         V2: 5.0 MEDIUM

  • CVE-2020-6145 — An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
    Published: August 10, 2020; 10:15:13 AM -04:00

    V3.1: 8.8 HIGH
         V2: 6.5 MEDIUM