National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-3163 — A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected softw...
    Published: February 19, 2020; 03:15:15 PM -05:00

    V3.1: 5.9 MEDIUM
        V2: 7.1 HIGH

  • CVE-2020-4161 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.
    Published: February 19, 2020; 11:15:11 AM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-4135 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.
    Published: February 19, 2020; 11:15:11 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-4204 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with r...
    Published: February 19, 2020; 11:15:11 AM -05:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2019-4457 — IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.
    Published: February 19, 2020; 11:15:11 AM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-6975 — Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.
    Published: February 12, 2020; 06:15:11 PM -05:00

    V3.1: 4.9 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-3159 — A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The v...
    Published: February 19, 2020; 03:15:15 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-10791 — promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization.
    Published: February 18, 2020; 12:15:14 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-6194 — An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
    Published: February 14, 2020; 12:15:13 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2019-4752 — IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view,...
    Published: February 20, 2020; 12:15:13 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2019-19865 — Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.
    Published: February 21, 2020; 11:15:11 AM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-9272 — ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
    Published: February 20, 2020; 11:15:11 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2015-0749 — A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parame...
    Published: February 18, 2020; 10:15:10 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-5524 — Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privilege...
    Published: February 21, 2020; 05:15:11 AM -05:00

    V3.1: 8.8 HIGH
        V2: 8.3 HIGH

  • CVE-2015-7507 — libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.
    Published: February 18, 2020; 02:15:12 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-6973 — Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition.
    Published: February 12, 2020; 07:15:11 PM -05:00

    V3.1: 6.2 MEDIUM
        V2: 6.3 MEDIUM

  • CVE-2019-4583 — IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.
    Published: February 20, 2020; 12:15:12 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-8960 — Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.
    Published: February 20, 2020; 06:15:20 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-9013 — Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
    Published: February 16, 2020; 04:15:10 PM -05:00

    V3.1: 4.3 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-5525 — Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with...
    Published: February 21, 2020; 05:15:11 AM -05:00

    V3.1: 8.0 HIGH
        V2: 7.7 HIGH