National Vulnerability Database

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-2169 — A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
    Published: March 25, 2020; 01:15:15 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-2164 — Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
    Published: March 25, 2020; 01:15:15 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-2170 — Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
    Published: March 25, 2020; 01:15:15 PM -04:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-20612 — An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019).
    Published: March 24, 2020; 04:15:13 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-20578 — An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019).
    Published: March 24, 2020; 03:15:20 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-3769 — Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure.
    Published: March 25, 2020; 04:15:14 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-2165 — Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
    Published: March 25, 2020; 01:15:15 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-3808 — Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.
    Published: March 25, 2020; 04:15:14 PM -04:00

    V3.1: 5.9 MEDIUM
        V2: 5.8 MEDIUM

  • CVE-2020-9551 — Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
    Published: March 25, 2020; 04:15:15 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-9552 — Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
    Published: March 25, 2020; 04:15:16 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2019-20587 — An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the MLDAP Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14867 (August 2019).
    Published: March 24, 2020; 03:15:20 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2020-7005 — In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
    Published: March 24, 2020; 04:15:15 PM -04:00

    V3.1: 8.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-10931 — Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
    Published: March 24, 2020; 11:15:12 AM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-6972 — In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
    Published: March 24, 2020; 01:15:11 PM -04:00

    V3.1: 9.1 CRITICAL
        V2: 6.4 MEDIUM

  • CVE-2019-20582 — An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019).
    Published: March 24, 2020; 03:15:20 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-10963 — FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this p...
    Published: March 25, 2020; 06:15:12 PM -04:00

    V3.1: 7.2 HIGH
        V2: 6.5 MEDIUM

  • CVE-2019-20586 — An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (with TEEGRIS) software. There is type confusion in the FINGERPRINT Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14864 (August 2019).
    Published: March 24, 2020; 03:15:20 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2019-20536 — An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).
    Published: March 24, 2020; 02:15:13 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2019-20537 — An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS and Qualcomm chipsets). There is arbitrary memory overwrite in the SEM Trustlet, leading to arbitrary code execution. The Samsung IDs are SVE-2019-14651, SVE-2019-14666 (November...
    Published: March 24, 2020; 02:15:13 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2020-10964 — Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
    Published: March 25, 2020; 06:15:12 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH