National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-22701 - A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended actio... read CVE-2021-22701
    Published: February 19, 2021; 11:15:12 AM -0500

    V3.1: 4.5 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-22703 - A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of us... read CVE-2021-22703
    Published: February 19, 2021; 11:15:13 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2021-22702 - A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause di... read CVE-2021-22702
    Published: February 19, 2021; 11:15:13 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-9050 - Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
    Published: February 19, 2021; 1:15:11 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-11147 - Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
    Published: February 22, 2021; 2:15:13 AM -0500

    V3.1: 6.7 MEDIUM
     V2.0: 4.6 MEDIUM

  • CVE-2020-35571 - An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
    Published: February 21, 2021; 10:15:14 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-26933 - An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memo... read CVE-2021-26933
    Published: February 16, 2021; 9:15:13 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2021-21318 - Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently... read CVE-2021-21318
    Published: February 18, 2021; 1:15:11 PM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 5.5 MEDIUM

  • CVE-2021-27231 - Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
    Published: February 15, 2021; 11:15:12 PM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 5.5 MEDIUM

  • CVE-2021-26932 - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported ... read CVE-2021-26932
    Published: February 16, 2021; 9:15:13 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 1.9 LOW

  • CVE-2020-35664 - An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console.
    Published: February 21, 2021; 10:15:14 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-35556 - An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.
    Published: February 21, 2021; 10:15:14 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2019-11360 - A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.
    Published: July 12, 2019; 10:15:11 AM -0400

    V3.1: 4.2 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2021-20199 - Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authent... read CVE-2021-20199
    Published: February 02, 2021; 2:15:14 PM -0500

    V3.1: 5.9 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-29443 - ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
    Published: January 26, 2021; 1:15:51 PM -0500

    V3.1: 3.9 LOW
     V2.0: 3.3 LOW

  • CVE-2021-21155 - Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    Published: February 22, 2021; 5:15:12 PM -0500

    V3.1: 9.6 CRITICAL
     V2.0: 6.8 MEDIUM

  • CVE-2021-21150 - Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    Published: February 22, 2021; 5:15:12 PM -0500

    V3.1: 9.6 CRITICAL
     V2.0: 6.8 MEDIUM

  • CVE-2021-21149 - Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
    Published: February 22, 2021; 5:15:12 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-21152 - Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: February 22, 2021; 5:15:12 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-21153 - Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
    Published: February 22, 2021; 5:15:12 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM