National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-1711 — An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_s...
    Published: February 11, 2020; 03:15:11 PM -05:00

    V3.1: 9.9 CRITICAL
        V2: 6.5 MEDIUM

  • CVE-2013-7098 — OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
    Published: February 13, 2020; 06:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-1855 — Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to...
    Published: February 17, 2020; 10:15:11 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 3.6 LOW

  • CVE-2019-18791 — Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser.
    Published: February 13, 2020; 11:15:11 AM -05:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2013-6927 — Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account.
    Published: February 13, 2020; 06:15:11 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-7050 — Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly fla...
    Published: February 15, 2020; 01:19:50 PM -05:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-7597 — codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix...
    Published: February 17, 2020; 02:15:12 PM -05:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2019-18998 — Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can acces...
    Published: February 17, 2020; 02:15:12 PM -05:00

    V3.1: 7.1 HIGH
        V2: 5.5 MEDIUM

  • CVE-2020-9021 — Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer par...
    Published: February 16, 2020; 11:15:10 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2020-8128 — An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.
    Published: February 14, 2020; 05:15:10 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-19325 — SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows perform...
    Published: February 17, 2020; 03:15:11 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-1693 — A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of...
    Published: February 17, 2020; 03:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-1828 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module...
    Published: February 17, 2020; 03:15:11 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2013-7173 — Belkin n750 routers have a buffer overflow.
    Published: February 13, 2020; 06:15:11 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2020-1857 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to...
    Published: February 17, 2020; 03:15:11 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-1841 — Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R0...
    Published: February 17, 2020; 04:15:12 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-1858 — Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00...
    Published: February 17, 2020; 03:15:11 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2013-5687 — RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure.
    Published: February 13, 2020; 07:15:11 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-1815 — Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficien...
    Published: February 17, 2020; 07:15:11 PM -05:00

    V3.1: 7.5 HIGH
        V2: 4.3 MEDIUM

  • CVE-2020-8991 — vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs.
    Published: February 14, 2020; 12:15:13 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM