National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-14803 - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple proto... read CVE-2020-14803
    Published: October 21, 2020; 11:15:20 AM -0400

    V3.1: 5.3 MEDIUM
     V2.0: 5.0 MEDIUM

  • CVE-2020-15985 - Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
    Published: November 02, 2020; 10:15:13 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-15979 - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: November 02, 2020; 10:15:13 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-15987 - Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
    Published: November 02, 2020; 10:15:14 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-15989 - Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
    Published: November 02, 2020; 10:15:14 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-15992 - Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
    Published: November 02, 2020; 10:15:14 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-16002 - Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
    Published: November 02, 2020; 10:15:15 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-15995 - Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: November 02, 2020; 10:15:14 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-14797 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau... read CVE-2020-14797
    Published: October 21, 2020; 11:15:19 AM -0400

    V3.1: 3.7 LOW
     V2.0: 4.3 MEDIUM

  • CVE-2020-14792 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauth... read CVE-2020-14792
    Published: October 21, 2020; 11:15:19 AM -0400

    V3.1: 4.2 MEDIUM
     V2.0: 5.8 MEDIUM

  • CVE-2020-14782 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau... read CVE-2020-14782
    Published: October 21, 2020; 11:15:18 AM -0400

    V3.1: 3.7 LOW
     V2.0: 4.3 MEDIUM

  • CVE-2020-14781 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthent... read CVE-2020-14781
    Published: October 21, 2020; 11:15:18 AM -0400

    V3.1: 3.7 LOW
     V2.0: 4.3 MEDIUM

  • CVE-2020-14798 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau... read CVE-2020-14798
    Published: October 21, 2020; 11:15:19 AM -0400

    V3.1: 3.1 LOW
     V2.0: 2.6 LOW

  • CVE-2020-14796 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau... read CVE-2020-14796
    Published: October 21, 2020; 11:15:19 AM -0400

    V3.1: 3.1 LOW
     V2.0: 2.6 LOW

  • CVE-2020-16001 - Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: November 02, 2020; 10:15:14 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-2659 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated... read CVE-2020-2659
    Published: January 15, 2020; 12:15:24 PM -0500

    V3.1: 3.7 LOW
     V2.0: 4.3 MEDIUM

  • CVE-2020-29369 - An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
    Published: November 28, 2020; 2:15:11 AM -0500

    V3.1: 7.0 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2020-13482 - EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
    Published: May 25, 2020; 6:15:09 PM -0400

    V3.1: 7.4 HIGH
     V2.0: 5.8 MEDIUM

  • CVE-2020-27773 - A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by ze... read CVE-2020-27773
    Published: December 04, 2020; 5:15:12 PM -0500

    V3.1: 3.3 LOW
     V2.0: 4.3 MEDIUM

  • CVE-2020-35737 - In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
    Published: December 30, 2020; 3:15:15 PM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM