The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2021-45105 - Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service...
    Published: December 18, 2021; 7:15:07 AM -0500

    V3.1: 5.9 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-31340 - A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIM...
    Published: June 08, 2021; 4:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-32761 - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `...
    Published: July 21, 2021; 5:15:07 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-32687 - Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code e...
    Published: October 04, 2021; 2:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-32628 - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vuln...
    Published: October 04, 2021; 2:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-32627 - Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing th...
    Published: October 04, 2021; 2:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 6.0 MEDIUM

  • CVE-2021-32626 - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can res...
    Published: October 04, 2021; 2:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-32762 - Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result o...
    Published: October 04, 2021; 2:15:09 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2021-40360 - A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All vers...
    Published: February 09, 2022; 11:15:13 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 4.0 MEDIUM

  • CVE-2021-32675 - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk...
    Published: October 04, 2021; 2:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-32672 - Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all version...
    Published: October 04, 2021; 2:15:08 PM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2021-45450 - In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
    Published: December 21, 2021; 2:15:06 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-40363 - A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All vers...
    Published: February 09, 2022; 11:15:13 AM -0500

    V3.1: 7.8 HIGH
    V2.0: 2.1 LOW

  • CVE-2019-6575 - A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All ...
    Published: April 17, 2019; 10:29:03 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 7.8 HIGH

  • CVE-2022-2846 - The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauth...
    Published: August 16, 2022; 3:15:09 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2018-4832 - A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7....
    Published: April 24, 2018; 1:29:00 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 4.3 MEDIUM

  • CVE-2021-3609 - A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux ke...
    Published: March 03, 2022; 2:15:08 PM -0500

    V3.1: 7.0 HIGH
    V2.0: 6.9 MEDIUM

  • CVE-2022-24903 - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this v...
    Published: May 05, 2022; 8:15:07 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-16881 - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
    Published: January 25, 2019; 1:29:00 PM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2022-23267 - .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
    Published: May 10, 2022; 5:15:09 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM