NVD

2022-23 Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2021-45105 - Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service... read CVE-2021-45105
Published: December 18, 2021; 7:15:07 AM -0500

V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-31340 - A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIM... read CVE-2021-31340
Published: June 08, 2021; 4:15:08 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-32761 - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `... read CVE-2021-32761
Published: July 21, 2021; 5:15:07 PM -0400

V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2021-32687 - Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code e... read CVE-2021-32687
Published: October 04, 2021; 2:15:08 PM -0400

V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2021-32628 - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vuln... read CVE-2021-32628
Published: October 04, 2021; 2:15:08 PM -0400

V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2021-32627 - Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing th... read CVE-2021-32627
Published: October 04, 2021; 2:15:08 PM -0400

V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2021-32626 - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can res... read CVE-2021-32626
Published: October 04, 2021; 2:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-32762 - Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result o... read CVE-2021-32762
Published: October 04, 2021; 2:15:09 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2021-40360 - A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All vers... read CVE-2021-40360
Published: February 09, 2022; 11:15:13 AM -0500

V3.1: 8.8 HIGH
V2.0: 4.0 MEDIUM
CVE-2021-32675 - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk... read CVE-2021-32675
Published: October 04, 2021; 2:15:08 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-32672 - Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all version... read CVE-2021-32672
Published: October 04, 2021; 2:15:08 PM -0400

V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-45450 - In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
Published: December 21, 2021; 2:15:06 AM -0500

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-40363 - A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All vers... read CVE-2021-40363
Published: February 09, 2022; 11:15:13 AM -0500

V3.1: 7.8 HIGH
V2.0: 2.1 LOW
CVE-2019-6575 - A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All ... read CVE-2019-6575
Published: April 17, 2019; 10:29:03 AM -0400

V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2022-2846 - The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauth... read CVE-2022-2846
Published: August 16, 2022; 3:15:09 PM -0400

V3.1: 4.3 MEDIUM
CVE-2018-4832 - A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.... read CVE-2018-4832
Published: April 24, 2018; 1:29:00 PM -0400

V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2021-3609 - .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux ke... read CVE-2021-3609
Published: March 03, 2022; 2:15:08 PM -0500

V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2022-24903 - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this v... read CVE-2022-24903
Published: May 05, 2022; 8:15:07 PM -0400

V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-16881 - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
Published: January 25, 2019; 1:29:00 PM -0500

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-23267 - .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
Published: May 10, 2022; 5:15:09 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database