National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-11985 — IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in...
    Published: August 07, 2020; 12:15:11 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-11993 — Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev...
    Published: August 07, 2020; 12:15:11 PM -04:00

    V3.1: 7.5 HIGH
        V2: 4.3 MEDIUM

  • CVE-2020-11984 — Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
    Published: August 07, 2020; 12:15:11 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-15114 — In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the e...
    Published: August 06, 2020; 07:15:11 PM -04:00

    V3.1: 7.7 HIGH
        V2: 4.0 MEDIUM

  • CVE-2020-15115 — etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computa...
    Published: August 06, 2020; 06:15:12 PM -04:00

    V3.1: 5.8 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2020-8575 — Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
    Published: August 03, 2020; 01:15:12 PM -04:00

    V3.1: 4.4 MEDIUM
        V2: 2.1 LOW

  • CVE-2014-1422 — In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creatio...
    Published: July 22, 2020; 02:15:11 PM -04:00

    V3.1: 5.0 MEDIUM
        V2: 1.9 LOW

  • CVE-2020-16227 — Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow...
    Published: August 06, 2020; 08:15:11 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-16225 — Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute...
    Published: August 06, 2020; 08:15:11 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-16223 — Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute...
    Published: August 06, 2020; 08:15:11 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-16221 — Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute...
    Published: August 06, 2020; 08:15:11 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-16219 — Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrar...
    Published: August 06, 2020; 08:15:11 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-15057 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values.
    Published: August 07, 2020; 06:15:12 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 6.1 MEDIUM

  • CVE-2020-15056 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
    Published: August 07, 2020; 06:15:12 PM -04:00

    V3.1: 4.3 MEDIUM
        V2: 2.3 LOW

  • CVE-2020-15055 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
    Published: August 07, 2020; 06:15:12 PM -04:00

    V3.1: 8.8 HIGH
        V2: 8.3 HIGH

  • CVE-2020-15054 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
    Published: August 07, 2020; 06:15:12 PM -04:00

    V3.1: 8.8 HIGH
        V2: 3.3 LOW

  • CVE-2020-15061 — Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
    Published: August 07, 2020; 06:15:13 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 6.1 MEDIUM

  • CVE-2020-15060 — Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
    Published: August 07, 2020; 06:15:13 PM -04:00

    V3.1: 4.3 MEDIUM
        V2: 2.3 LOW

  • CVE-2020-15059 — Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
    Published: August 07, 2020; 06:15:13 PM -04:00

    V3.1: 8.8 HIGH
        V2: 8.3 HIGH

  • CVE-2020-15058 — Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
    Published: August 07, 2020; 06:15:13 PM -04:00

    V3.1: 8.8 HIGH
        V2: 3.3 LOW