The Wayback Machine - https://web.archive.org/web/20210124222610/https://nvd.nist.gov/

National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2020-16119 - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15... read CVE-2020-16119
    Published: January 13, 2021; 8:15:13 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2020-25533 - An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID i... read CVE-2020-25533
    Published: January 15, 2021; 5:15:13 PM -0500

    V3.1: 7.0 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-0209 - In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of v... read CVE-2021-0209
    Published: January 15, 2021; 1:15:15 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 5.7 MEDIUM

  • CVE-2020-27270 - SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically pro... read CVE-2020-27270
    Published: January 19, 2021; 12:15:12 PM -0500

    V3.1: 5.7 MEDIUM
     V2.0: 2.9 LOW

  • CVE-2020-27272 - SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthentica... read CVE-2020-27272
    Published: January 19, 2021; 12:15:12 PM -0500

    V3.1: 5.7 MEDIUM
     V2.0: 2.9 LOW

  • CVE-2020-27276 - SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, ... read CVE-2020-27276
    Published: January 19, 2021; 12:15:12 PM -0500

    V3.1: 5.7 MEDIUM
     V2.0: 2.9 LOW

  • CVE-2020-27256 - In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.
    Published: January 19, 2021; 4:15:13 PM -0500

    V3.1: 6.8 MEDIUM
     V2.0: 4.6 MEDIUM

  • CVE-2020-15864 - An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Lo... read CVE-2020-15864
    Published: January 17, 2021; 3:15:12 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-2029 - Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with ne... read CVE-2021-2029
    Published: January 20, 2021; 10:15:47 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2021-2028 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t... read CVE-2021-2028
    Published: January 20, 2021; 10:15:47 AM -0500

    V3.1: 4.9 MEDIUM
     V2.0: 6.8 MEDIUM

  • CVE-2020-13134 - Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with Secu... read CVE-2020-13134
    Published: January 19, 2021; 9:15:13 PM -0500

    V3.1: 4.8 MEDIUM
     V2.0: 3.5 LOW

  • CVE-2020-13133 - Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions... read CVE-2020-13133
    Published: January 19, 2021; 9:15:12 PM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23342 - A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
    Published: January 19, 2021; 9:15:11 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2020-4983 - IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586.
    Published: January 20, 2021; 10:15:42 AM -0500

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2020-28480 - The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanit... read CVE-2020-28480
    Published: January 19, 2021; 10:15:11 AM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-28479 - The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.
    Published: January 19, 2021; 10:15:11 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-28470 - This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
    Published: January 14, 2021; 5:15:13 AM -0500

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-25178 - An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potenti... read CVE-2021-25178
    Published: January 18, 2021; 3:15:13 AM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-25176 - An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack... read CVE-2021-25176
    Published: January 18, 2021; 3:15:13 AM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-25177 - An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack... read CVE-2021-25177
    Published: January 18, 2021; 3:15:13 AM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM