
NOTICE

NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologize for the inconvenience and ask for your patience as we work to improve the NVD program.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-21401 - Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
    Published: February 13, 2024; 1:15:58 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-21413 - Microsoft Outlook Remote Code Execution Vulnerability
    Published: February 13, 2024; 1:16:00 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-4535 - An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device o...
    Published: November 06, 2023; 12:15:12 PM -0500

    V3.1: 3.8 LOW

  • CVE-2022-21476 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition:...
    Published: April 19, 2022; 5:15:17 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2023-44330 - Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in...
    Published: November 16, 2023; 10:15:08 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2020-11935 - It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.
    Published: April 06, 2023; 10:15:07 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-25840 - There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims ...
    Published: July 21, 2023; 3:15:10 PM -0400

    V3.1: 3.4 LOW

  • CVE-2021-29093 - A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
    Published: March 25, 2021; 5:15:13 PM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 6.0 MEDIUM

  • CVE-2021-29095 - Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the...
    Published: March 25, 2021; 5:15:13 PM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 6.0 MEDIUM

  • CVE-2021-29094 - Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the servi...
    Published: March 25, 2021; 5:15:13 PM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 6.0 MEDIUM

  • CVE-2022-3479 - A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.
    Published: October 14, 2022; 1:15:15 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-25584 - An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
    Published: September 14, 2023; 5:15:10 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2023-25841 - There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially exec...
    Published: July 21, 2023; 3:15:10 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-21397 - Microsoft Azure File Sync Elevation of Privilege Vulnerability
    Published: February 13, 2024; 1:15:58 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2024-21396 - Dynamics 365 Sales Spoofing Vulnerability
    Published: February 13, 2024; 1:15:57 PM -0500

    V3.1: 7.6 HIGH

  • CVE-2024-21395 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
    Published: February 13, 2024; 1:15:57 PM -0500

    V3.1: 8.2 HIGH

  • CVE-2024-21394 - Dynamics 365 Field Service Spoofing Vulnerability
    Published: February 13, 2024; 1:15:57 PM -0500

    V3.1: 7.6 HIGH

  • CVE-2024-21393 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
    Published: February 13, 2024; 1:15:57 PM -0500

    V3.1: 7.6 HIGH

  • CVE-2024-21389 - Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
    Published: February 13, 2024; 1:15:56 PM -0500

    V3.1: 7.6 HIGH

  • CVE-2024-21384 - Microsoft Office OneNote Remote Code Execution Vulnerability
    Published: February 13, 2024; 1:15:56 PM -0500

    V3.1: 7.8 HIGH

Created September 20, 2022, Updated February 13, 2024