National Vulnerability Database


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2016-6497 — main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
    Published: January 18, 2017; 05:59:00 PM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-7658 — meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
    Published: May 22, 2020; 12:15:10 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-13414 — An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
    Published: May 22, 2020; 05:15:12 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-1983 — A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
    Published: April 22, 2020; 04:15:11 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-11793 — A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
    Published: April 17, 2020; 09:15:12 AM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-12888 — The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
    Published: May 15, 2020; 02:15:13 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 4.7 MEDIUM

  • CVE-2020-12826 — A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child pro...
    Published: May 12, 2020; 03:15:11 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 4.4 MEDIUM

  • CVE-2020-12431 — A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change t...
    Published: May 21, 2020; 01:15:10 PM -04:00

    V3.1: 7.1 HIGH
        V2: 6.3 MEDIUM

  • CVE-2020-4348 — IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414
    Published: May 27, 2020; 10:15:11 AM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-10936 — Sympa before 6.2.56 allows privilege escalation.
    Published: May 27, 2020; 02:15:12 PM -04:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2020-8603 — A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability...
    Published: May 27, 2020; 07:15:11 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-8606 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
    Published: May 27, 2020; 07:15:11 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-8605 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
    Published: May 27, 2020; 07:15:11 PM -04:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-8604 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations.
    Published: May 27, 2020; 07:15:11 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-4226 — IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Forc...
    Published: May 27, 2020; 10:15:11 AM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-1149 — An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020...
    Published: May 21, 2020; 07:15:16 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-3184 — A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-ba...
    Published: May 22, 2020; 02:15:10 AM -04:00

    V3.1: 7.2 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-3272 — A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incom...
    Published: May 22, 2020; 02:15:10 AM -04:00

    V3.1: 7.5 HIGH
        V2: 7.8 HIGH

  • CVE-2020-3280 — A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deseri...
    Published: May 22, 2020; 02:15:10 AM -04:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2018-1000517 — BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectiv...
    Published: June 26, 2018; 12:29:01 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH