NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologize for the inconvenience and ask for your patience as we work to improve the NVD program.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2018-8822 - Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by mali... read CVE-2018-8822
Published: March 20, 2018; 1:29:00 PM -0400 -
CVE-2021-3520 - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash.... read CVE-2021-3520
Published: June 02, 2021; 9:15:13 AM -0400V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
-
CVE-2019-20838 - libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Published: June 15, 2020; 1:15:09 PM -0400V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
-
CVE-2022-35737 - SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
Published: August 03, 2022; 2:15:07 AM -0400V3.1: 7.5 HIGH
-
CVE-2019-20454 - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which w... read CVE-2019-20454
Published: February 14, 2020; 9:15:10 AM -0500V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2020-14155 - libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Published: June 15, 2020; 1:15:10 PM -0400V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
-
CVE-2021-36976 - libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Published: July 20, 2021; 3:15:07 AM -0400V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
-
CVE-2021-31566 - An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trig... read CVE-2021-31566
Published: August 23, 2022; 12:15:09 PM -0400V3.1: 7.8 HIGH
-
CVE-2022-36227 - In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-... read CVE-2022-36227
Published: November 21, 2022; 9:15:11 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2020-8169 - curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Published: December 14, 2020; 3:15:13 PM -0500V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2020-8177 - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Published: December 14, 2020; 3:15:13 PM -0500V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
-
CVE-2020-8231 - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
Published: December 14, 2020; 3:15:13 PM -0500V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2020-8284 - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclos... read CVE-2020-8284
Published: December 14, 2020; 3:15:13 PM -0500V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
-
CVE-2020-8285 - curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
Published: December 14, 2020; 3:15:13 PM -0500V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2020-8286 - curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
Published: December 14, 2020; 3:15:14 PM -0500V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2021-22876 - curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatica... read CVE-2021-22876
Published: April 01, 2021; 2:15:12 PM -0400V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
-
CVE-2021-22890 - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving ... read CVE-2021-22890
Published: April 01, 2021; 2:15:12 PM -0400V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
-
CVE-2021-22897 - curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "stati... read CVE-2021-22897
Published: June 11, 2021; 12:15:10 PM -0400V3.1: 5.3 MEDIUM
V2.0: 4.3 MEDIUM
-
CVE-2021-22898 - curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending... read CVE-2021-22898
Published: June 11, 2021; 12:15:11 PM -0400 -
CVE-2021-22901 - curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to poten... read CVE-2021-22901
Published: June 11, 2021; 12:15:11 PM -0400V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM