The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2021-37146 - An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.
    Published: September 28, 2021; 9:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-34408 - The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation i...
    Published: September 27, 2021; 10:15:08 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-37104 - There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker...
    Published: September 28, 2021; 11:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-37105 - There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Because the file to be uploaded is not properly verified and the file access path is not strictly restricted, attackers may upload malicious files to th...
    Published: September 28, 2021; 11:15:07 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 4.3 MEDIUM

  • CVE-2021-39853 - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achie...
    Published: September 29, 2021; 12:15:10 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-33907 - The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated p...
    Published: September 27, 2021; 10:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2021-34411 - During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can...
    Published: September 27, 2021; 10:15:08 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-34415 - The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.
    Published: September 27, 2021; 10:15:08 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 7.8 HIGH

  • CVE-2021-39854 - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achie...
    Published: September 29, 2021; 12:15:10 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-37106 - There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but th...
    Published: September 28, 2021; 11:15:07 AM -0400

    V3.1: 7.2 HIGH
    V2.0: 9.0 HIGH

  • CVE-2020-20120 - ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
    Published: September 28, 2021; 7:15:07 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-41753 - A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication...
    Published: September 27, 2021; 1:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 7.8 HIGH

  • CVE-2021-20035 - Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
    Published: September 27, 2021; 2:15:08 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 6.8 MEDIUM

  • CVE-2021-20034 - An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
    Published: September 27, 2021; 2:15:08 PM -0400

    V3.1: 9.1 CRITICAL
    V2.0: 6.4 MEDIUM

  • CVE-2021-39858 - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context...
    Published: September 29, 2021; 12:15:10 PM -0400

    V3.1: 3.3 LOW
    V2.0: 4.3 MEDIUM

  • CVE-2021-34412 - During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a loca...
    Published: September 27, 2021; 10:15:08 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-39861 - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context...
    Published: September 29, 2021; 12:15:11 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-34409 - User-writable pre and post-install scripts unpacked during the Zoom Client for Meetings for MacOS installation before version 5.2.0 allow for privilege escalation to root.
    Published: September 27, 2021; 10:15:08 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-20122 - Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
    Published: September 28, 2021; 7:15:07 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-39863 - Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could lev...
    Published: September 29, 2021; 12:15:11 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 6.8 MEDIUM