National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-17495 — django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
    Published: August 11, 2020; 05:15:10 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-13175 — The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthen...
    Published: August 11, 2020; 02:15:12 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-15656 — JIT optimizations involving the JavaScript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firef...
    Published: August 10, 2020; 02:15:12 PM -04:00

    V3.1: 8.8 HIGH
        V2: 9.3 HIGH

  • CVE-2020-12648 — A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
    Published: August 14, 2020; 10:15:12 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16287 — A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:12 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16289 — A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:12 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16290 — A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:12 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16291 — A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:12 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16292 — A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:13 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16293 — A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fix...
    Published: August 12, 2020; 11:15:13 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16294 — A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:13 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2012-1610 — Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: th...
    Published: June 05, 2012; 06:55:10 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-16295 — A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:13 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-16296 — A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:13 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-15658 — The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This v...
    Published: August 10, 2020; 02:15:12 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-15902 — Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
    Published: July 22, 2020; 06:15:11 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-0305 — In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
    Published: July 17, 2020; 04:15:11 PM -04:00

    V3.1: 6.4 MEDIUM
        V2: 4.4 MEDIUM

  • CVE-2019-20908 — An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.
    Published: July 15, 2020; 06:15:13 PM -04:00

    V3.1: 6.7 MEDIUM
        V2: 6.9 MEDIUM

  • CVE-2020-10769 — A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes, and is not following 4-byte alignment bou...
    Published: June 26, 2020; 12:15:12 PM -04:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-10135 — Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, ad...
    Published: May 19, 2020; 12:15:11 PM -04:00

    V3.1: 5.4 MEDIUM
        V2: 4.8 MEDIUM