U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2022-41916 - Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as w... read CVE-2022-41916
    Published: November 15, 2022; 6:15:27 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-45473 - In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.
    Published: November 18, 2022; 1:15:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-45474 - drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.
    Published: November 18, 2022; 1:15:10 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-1785 - Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
    Published: May 19, 2022; 9:15:07 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2022-29930 - SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1.
    Published: May 12, 2022; 5:15:14 AM -0400

    V3.1: 4.9 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2018-10753 - Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
    Published: May 04, 2018; 10:29:00 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2018-10771 - Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
    Published: May 06, 2018; 10:29:00 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2019-1010069 - moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef5... read CVE-2019-1010069
    Published: July 18, 2019; 10:15:11 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-3847 - Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An ... read CVE-2018-3847
    Published: August 01, 2018; 3:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-3846 - In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and pot... read CVE-2018-3846
    Published: April 16, 2018; 12:29:00 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-3862 - A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting
    Published: April 12, 2018; 3:29:00 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-3855 - In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
    Published: April 26, 2018; 4:29:00 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-43033 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the ser... read CVE-2021-43033
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2021-43034 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-43035 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote ... read CVE-2021-43035
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-43036 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-43037 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged... read CVE-2021-43037
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 6.9 MEDIUM

  • CVE-2021-43038 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2021-43039 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 6.4 MEDIUM

  • CVE-2021-43040 - An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.
    Published: December 05, 2021; 11:15:07 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM