National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2017-9611 - The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
    Published: July 26, 2017; 3:29:00 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2017-11749 - InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file.
    Published: July 30, 2017; 12:29:00 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-14385 - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown... read CVE-2020-14385
    Published: September 15, 2020; 6:15:13 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 4.7 MEDIUM

  • CVE-2020-10766 - A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution m... read CVE-2020-10766
    Published: September 15, 2020; 7:15:12 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2020-10767 - A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted S... read CVE-2020-10767
    Published: September 15, 2020; 7:15:12 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 1.9 LOW

  • CVE-2020-25015 - A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely cha... read CVE-2020-25015
    Published: September 16, 2020; 2:15:13 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-24890 - libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution.
    Published: September 16, 2020; 11:15:12 AM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 2.6 LOW

  • CVE-2020-24889 - A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.
    Published: September 16, 2020; 11:15:12 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 5.1 MEDIUM

  • CVE-2020-10758 - A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request b... read CVE-2020-10758
    Published: September 16, 2020; 12:15:14 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-1710 - The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
    Published: September 16, 2020; 11:15:12 AM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-25791 - An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
    Published: September 19, 2020; 5:15:12 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-25792 - An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
    Published: September 19, 2020; 5:15:12 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-25794 - An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.
    Published: September 19, 2020; 5:15:12 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-10768 - A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens... read CVE-2020-10768
    Published: September 15, 2020; 8:15:11 PM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2020-10718 - A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security man... read CVE-2020-10718
    Published: September 16, 2020; 3:15:13 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-13259 - A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is du... read CVE-2020-13259
    Published: September 16, 2020; 3:15:13 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 9.3 HIGH

  • CVE-2020-1694 - A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
    Published: September 16, 2020; 3:15:13 PM -0400

    V3.1: 4.9 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-10781 - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read alloca... read CVE-2020-10781
    Published: September 16, 2020; 9:15:10 AM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 4.9 MEDIUM

  • CVE-2020-6781 - Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.
    Published: September 16, 2020; 3:15:14 PM -0400

    V3.1: 7.4 HIGH
     V2.0: 5.8 MEDIUM

  • CVE-2020-14386 - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
    Published: September 16, 2020; 9:15:11 AM -0400

    V3.1: 6.7 MEDIUM
     V2.0: 7.2 HIGH