National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-17145 - , aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulnerability'.
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 4.9 MEDIUM

  • CVE-2019-4738 - IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ... read CVE-2019-4738
    Published: December 10, 2020; 6:15:10 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-17143 - , aka 'Microsoft Exchange Information Disclosure Vulnerability'.
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-17129 - , aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128.
    Published: December 09, 2020; 7:15:15 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 9.3 HIGH

  • CVE-2020-17127 - , aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129.
    Published: December 09, 2020; 7:15:15 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 9.3 HIGH

  • CVE-2020-17147 - , aka 'Dynamics CRM Webclient Cross-site Scripting Vulnerability'.
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 5.4 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2020-17148 - , aka 'Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability'.
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-2498 - If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.... read CVE-2020-2498
    Published: December 09, 2020; 11:15:12 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-17150 - , aka 'Visual Studio Code Remote Code Execution Vulnerability'.
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-17152 - , aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17158.
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-2494 - This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS ... read CVE-2020-2494
    Published: December 09, 2020; 11:15:11 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-17153 - , aka 'Microsoft Edge for Android Spoofing Vulnerability'.
    Published: December 09, 2020; 7:15:16 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 5.8 MEDIUM

  • CVE-2020-2495 - If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build ... read CVE-2020-2495
    Published: December 09, 2020; 11:15:11 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-17099 - , aka 'Windows Lock Screen Security Feature Bypass Vulnerability'.
    Published: December 09, 2020; 7:15:14 PM -0500

    V3.1: 6.8 MEDIUM
     V2.0: 4.6 MEDIUM

  • CVE-2020-17115 - , aka 'Microsoft SharePoint Spoofing Vulnerability'.
    Published: December 09, 2020; 7:15:14 PM -0500

    V3.1: 8.0 HIGH
     V2.0: 6.0 MEDIUM

  • CVE-2020-17119 - , aka 'Microsoft Outlook Information Disclosure Vulnerability'.
    Published: December 09, 2020; 7:15:14 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-17120 - , aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
    Published: December 09, 2020; 7:15:14 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-2493 - This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.
    Published: December 09, 2020; 11:15:11 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-17121 - , aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17118.
    Published: December 09, 2020; 7:15:14 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-2496 - If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build ... read CVE-2020-2496
    Published: December 09, 2020; 11:15:11 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM