NVD

New NVD CVE/CPE API and Legacy SOAP Service Retirement!

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2022-1740 - The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to di... read CVE-2022-1740
Published: June 24, 2022; 11:15:09 AM -0400

V3.1: 4.6 MEDIUM
V2.0: 2.1 LOW
CVE-2022-1741 - The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.
Published: June 24, 2022; 11:15:09 AM -0400

V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2022-1742 - The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a devi... read CVE-2022-1742
Published: June 24, 2022; 11:15:09 AM -0400

V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2022-1743 - The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X dev... read CVE-2022-1743
Published: June 24, 2022; 11:15:09 AM -0400

V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2022-1744 - Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or insta... read CVE-2022-1744
Published: June 24, 2022; 11:15:09 AM -0400

V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2022-1745 - The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malici... read CVE-2022-1745
Published: June 24, 2022; 11:15:09 AM -0400

V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2022-1746 - The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerabi... read CVE-2022-1746
Published: June 24, 2022; 11:15:10 AM -0400

V3.1: 7.6 HIGH
V2.0: 7.2 HIGH
CVE-2022-27238 - BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the vict... read CVE-2022-27238
Published: June 24, 2022; 12:15:09 PM -0400

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-29330 - Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.
Published: June 24, 2022; 12:15:09 PM -0400

V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-31767 - IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.
Published: June 24, 2022; 12:15:09 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2022-33953 - IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.
Published: June 24, 2022; 12:15:10 PM -0400

V3.1: 4.6 MEDIUM
V2.0: 2.1 LOW
CVE-2022-32998 - The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as we... read CVE-2022-32998
Published: June 24, 2022; 5:15:08 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-32997 - The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as esc... read CVE-2022-32997
Published: June 24, 2022; 5:15:08 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-32996 - The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escal... read CVE-2022-32996
Published: June 24, 2022; 5:15:07 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-21742 - Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.
Published: June 20, 2022; 2:15:08 AM -0400

V3.1: 6.5 MEDIUM
V2.0: 3.3 LOW
CVE-2021-3675 - Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint D... read CVE-2021-3675
Published: June 16, 2022; 1:15:07 PM -0400

V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2022-1642 - A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserial... read CVE-2022-1642
Published: June 16, 2022; 1:15:07 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-31070 - NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies (e.g. session cookies) from being forwarded to backend services configured by the applicati... read CVE-2022-31070
Published: June 15, 2022; 3:15:11 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-31069 - NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should should be forwarded for specific backend services configured by the appli... read CVE-2022-31069
Published: June 15, 2022; 3:15:11 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-21046 - A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privileg... read CVE-2020-21046
Published: June 24, 2022; 12:15:08 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database