National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2020-6816 — In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
    Published: March 24, 2020; 06:15:12 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-6802 — In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
    Published: March 24, 2020; 06:15:12 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-3450 — A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is... read CVE-2020-3450
    Published: July 16, 2020; 02:15:19 PM -04:00

    V3.1: 4.9 MEDIUM
        V2: 4.0 MEDIUM

  • CVE-2020-14494 — OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no mor... read CVE-2020-14494
    Published: July 20, 2020; 11:15:12 AM -04:00

    V3.1: 9.8 CRITICAL
        V2: 5.0 MEDIUM

  • CVE-2020-8214 — A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.
    Published: July 20, 2020; 12:15:12 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-7206 — HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.
    Published: July 17, 2020; 06:15:11 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-7818 — DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
    Published: July 17, 2020; 06:15:11 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-5769 — Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in... read CVE-2020-5769
    Published: July 17, 2020; 06:15:11 PM -04:00

    V3.1: 5.4 MEDIUM
        V2: 3.5 LOW

  • CVE-2019-20839 — libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
    Published: June 17, 2020; 12:15:11 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2019-20840 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
    Published: June 17, 2020; 12:15:11 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2018-21247 — An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
    Published: June 17, 2020; 12:15:11 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-14397 — An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
    Published: June 17, 2020; 12:15:11 PM -04:00

    V3.1: 7.5 HIGH
        V2: 5.0 MEDIUM

  • CVE-2020-9650 — Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
    Published: July 16, 2020; 08:15:11 PM -04:00

    V3.1: 7.8 HIGH
        V2: 6.8 MEDIUM

  • CVE-2020-5756 — Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
    Published: July 17, 2020; 05:15:13 PM -04:00

    V3.1: 8.8 HIGH
        V2: 9.0 HIGH

  • CVE-2020-9670 — Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.
    Published: July 16, 2020; 08:15:11 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-9671 — Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
    Published: July 16, 2020; 08:15:11 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-3146 — Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker t... read CVE-2020-3146
    Published: July 16, 2020; 02:15:16 PM -04:00

    V3.1: 8.8 HIGH
        V2: 9.0 HIGH

  • CVE-2020-15110 — In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
    Published: July 17, 2020; 05:15:12 PM -04:00

    V3.1: 8.1 HIGH
        V2: 5.5 MEDIUM

  • CVE-2020-9682 — Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write.
    Published: July 16, 2020; 08:15:12 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 10.0 HIGH

  • CVE-2020-4464 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.
    Published: July 17, 2020; 10:15:11 AM -04:00

    V3.1: 8.8 HIGH
        V2: 9.0 HIGH