NOTICE UPDATED - April 25th, 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-26586 - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group ...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 6.7 MEDIUM

  • CVE-2013-6381 - Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a lengt...
    Published: November 26, 2013; 11:43:33 PM -0500

    V2.0: 6.9 MEDIUM

  • CVE-2023-6683 - A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leadin...
    Published: January 12, 2024; 2:15:11 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-4759 - Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this rep...
    Published: September 12, 2023; 6:15:29 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-1153 - The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilt...
    Published: April 25, 2022; 12:16:08 PM -0400

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2019-3900 - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A gue...
    Published: April 25, 2019; 11:29:00 AM -0400

    V3.1: 7.7 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2007-6420 - Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
    Published: January 11, 2008; 7:46:00 PM -0500

    V2.0: 4.3 MEDIUM

  • CVE-2022-46337 - A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could ...
    Published: November 20, 2023; 4:15:07 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2012-0507 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availabili...
    Published: June 07, 2012; 6:55:17 PM -0400

    V2.0: 10.0 HIGH

  • CVE-2013-0431 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "...
    Published: January 31, 2013; 9:55:01 AM -0500

    V2.0: 5.0 MEDIUM

  • CVE-2013-2465 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrit...
    Published: June 18, 2013; 6:55:02 PM -0400

    V2.0: 10.0 HIGH

  • CVE-2013-2423 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information...
    Published: April 17, 2013; 2:55:07 PM -0400

    V2.0: 4.3 MEDIUM

  • CVE-2012-5076 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
    Published: October 16, 2012; 5:55:02 PM -0400

    V2.0: 10.0 HIGH

  • CVE-2013-0422 - Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object...
    Published: January 10, 2013; 4:55:00 PM -0500

    V2.0: 10.0 HIGH

  • CVE-2024-25300 - A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
    Published: February 14, 2024; 2:15:10 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2024-25301 - Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
    Published: February 14, 2024; 2:15:10 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-20929 - Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with n...
    Published: February 16, 2024; 9:15:47 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-20933 - Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with ne...
    Published: February 16, 2024; 9:15:47 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-20935 - Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with ne...
    Published: February 16, 2024; 9:15:48 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-1661 - A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to l...
    Published: February 20, 2024; 8:15:08 AM -0500

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated April 25, 2024