The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2020-35483 - AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll f... read CVE-2020-35483
    Published: January 11, 2021; 10:15:13 AM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.4 MEDIUM

  • CVE-2021-23253 - Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only se... read CVE-2021-23253
    Published: January 11, 2021; 11:15:15 AM -0500

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-1663 - Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.
    Published: January 12, 2021; 3:15:31 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-1664 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
    Published: January 12, 2021; 3:15:31 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-1662 - Windows Event Tracing Elevation of Privilege Vulnerability
    Published: January 12, 2021; 3:15:31 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2020-15799 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The vulnerability could allow an unauthenticated attacker t... read CVE-2020-15799
    Published: January 12, 2021; 4:15:16 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 7.1 HIGH

  • CVE-2020-28374 - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c... read CVE-2020-28374
    Published: January 12, 2021; 11:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 5.5 MEDIUM

  • CVE-2021-1146 - Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The... read CVE-2021-1146
    Published: January 13, 2021; 5:15:14 PM -0500

    V3.1: 7.2 HIGH
    V2.0: 9.0 HIGH

  • CVE-2021-1127 - A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management i... read CVE-2021-1127
    Published: January 13, 2021; 5:15:14 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2021-3032 - An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. ... read CVE-2021-3032
    Published: January 13, 2021; 1:15:14 PM -0500

    V3.1: 4.4 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-3031 - Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame is created. This leaks a small amount of random... read CVE-2021-3031
    Published: January 13, 2021; 1:15:14 PM -0500

    V3.1: 4.3 MEDIUM
    V2.0: 3.3 LOW

  • CVE-2017-12116 - An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in autho... read CVE-2017-12116
    Published: January 19, 2018; 6:29:00 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2015-6926 - The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.
    Published: January 19, 2018; 10:29:00 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2014-4919 - OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical... read CVE-2014-4919
    Published: January 19, 2018; 10:29:00 AM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 5.8 MEDIUM

  • CVE-2020-25659 - python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
    Published: January 11, 2021; 11:15:15 AM -0500

    V3.1: 5.9 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-7784 - This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:
    Published: January 08, 2021; 8:15:10 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-1710 - Microsoft Windows Media Foundation Remote Code Execution Vulnerability
    Published: January 12, 2021; 3:15:34 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-1706 - Windows LUAFV Elevation of Privilege Vulnerability
    Published: January 12, 2021; 3:15:34 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2020-9203 - There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.
    Published: January 13, 2021; 5:15:14 PM -0500

    V3.1: 3.3 LOW
    V2.0: 2.1 LOW

  • CVE-2021-1707 - Microsoft SharePoint Server Remote Code Execution Vulnerability
    Published: January 12, 2021; 3:15:34 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH