National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2020-7949 — schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
    Published: January 27, 2020; 12:15:12 PM -05:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-7950 — meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call... read CVE-2020-7950
    Published: January 27, 2020; 12:15:12 PM -05:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-7951 — meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.
    Published: January 27, 2020; 12:15:12 PM -05:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2008-7314 — mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
    Published: January 23, 2020; 10:15:11 AM -05:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-7249 — SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account).
    Published: January 20, 2020; 08:15:10 PM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2020-7108 — The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
    Published: January 16, 2020; 12:15:12 AM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-7996 — htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
    Published: January 26, 2020; 06:15:10 PM -05:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-8002 — A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).
    Published: January 27, 2020; 12:15:12 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2020-8003 — A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a... read CVE-2020-8003
    Published: January 27, 2020; 12:15:13 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2013-1597 — A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
    Published: January 24, 2020; 02:15:11 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-6843 — Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
    Published: January 23, 2020; 10:15:14 AM -05:00

    V3.1: 4.8 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-1414 — An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
    Published: January 24, 2020; 04:15:13 PM -05:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2013-4175 — MySecureShell 1.31 has a Local Denial of Service Vulnerability
    Published: January 23, 2020; 10:15:12 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2018-8654 — An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.
    Published: January 24, 2020; 04:15:12 PM -05:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2013-4176 — mysecureshell 1.31: Local Information Disclosure Vulnerability
    Published: January 23, 2020; 10:15:12 AM -05:00

    V3.1: 5.5 MEDIUM
        V2: 2.1 LOW

  • CVE-2019-1454 — An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
    Published: January 24, 2020; 04:15:13 PM -05:00

    V3.1: 5.5 MEDIUM
        V2: 3.6 LOW

  • CVE-2020-7981 — sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
    Published: January 25, 2020; 03:15:09 PM -05:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-5124 — An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vuln... read CVE-2019-5124
    Published: January 25, 2020; 01:15:12 PM -05:00

    V3.1: 8.6 HIGH
        V2: 7.8 HIGH

  • CVE-2019-5146 — An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vuln... read CVE-2019-5146
    Published: January 25, 2020; 01:15:12 PM -05:00

    V3.1: 8.6 HIGH
        V2: 7.8 HIGH

  • CVE-2019-5147 — An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulne... read CVE-2019-5147
    Published: January 25, 2020; 01:15:12 PM -05:00

    V3.1: 8.6 HIGH
        V2: 7.8 HIGH