National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-15201 - In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid p... read CVE-2020-15201
    Published: September 25, 2020; 3:15:15 PM -0400

    V3.1: 4.8 MEDIUM
     V2.0: 6.8 MEDIUM

  • CVE-2020-3124 - A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability i... read CVE-2020-3124
    Published: September 22, 2020; 9:15:14 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2019-10313 - Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
    Published: April 30, 2019; 9:29:05 AM -0400

    V3.1: 8.8 HIGH
     V2.0: 4.0 MEDIUM

  • CVE-2020-15200 - In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid p... read CVE-2020-15200
    Published: September 25, 2020; 3:15:15 PM -0400

    V3.1: 5.9 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-15198 - In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `valu... read CVE-2020-15198
    Published: September 25, 2020; 3:15:15 PM -0400

    V3.1: 5.4 MEDIUM
     V2.0: 5.8 MEDIUM

  • CVE-2020-15197 - In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be... read CVE-2020-15197
    Published: September 25, 2020; 3:15:14 PM -0400

    V3.1: 6.3 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2020-15195 - In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus ... read CVE-2020-15195
    Published: September 25, 2020; 3:15:14 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2019-10348 - Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: July 11, 2019; 10:15:10 AM -0400

    V3.1: 8.8 HIGH
     V2.0: 4.0 MEDIUM

  • CVE-2019-10366 - Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
    Published: July 31, 2019; 9:15:13 AM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-10369 - A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified U... read CVE-2019-10369
    Published: August 07, 2019; 11:15:12 AM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-10385 - Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Published: August 07, 2019; 11:15:13 AM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-16171 - An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the ... read CVE-2020-16171
    Published: September 21, 2020; 10:15:13 AM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 6.4 MEDIUM

  • CVE-2019-10378 - Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
    Published: August 07, 2019; 11:15:13 AM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2019-10380 - Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
    Published: August 07, 2019; 11:15:13 AM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2019-10389 - A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
    Published: August 07, 2019; 11:15:13 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-4315 - IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a si... read CVE-2020-4315
    Published: September 21, 2020; 11:15:12 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2019-10409 - A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
    Published: September 25, 2019; 12:15:10 PM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-10455 - A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
    Published: October 16, 2019; 10:15:13 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-10457 - A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
    Published: October 16, 2019; 10:15:13 AM -0400

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-3117 - A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's r... read CVE-2020-3117
    Published: September 22, 2020; 9:15:14 PM -0400

    V3.1: 4.7 MEDIUM
     V2.0: 4.3 MEDIUM