CVE-2021-31364
- An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthent...
Published:
October 19, 2021; 3:15:09 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-2483
- Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network ...
Published:
October 20, 2021; 7:16:18 AM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2021-2484
- Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacke...
Published:
October 20, 2021; 7:16:19 AM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2021-2485
- Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HT...
Published:
October 20, 2021; 7:16:19 AM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2021-35536
- Vulnerability in the Oracle Deal Management product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access ...
Published:
October 20, 2021; 7:16:28 AM -0400
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2021-38481
- The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitization of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute anot...
Published:
October 22, 2021; 8:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-41745
- ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
Published:
October 22, 2021; 8:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-0651
- In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User inter...
Published:
October 22, 2021; 10:15:07 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2021-0652
- In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges ...
Published:
October 22, 2021; 10:15:08 AM -0400
CVE-2021-0702
- In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
Published:
October 22, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-0703
- In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges neede...
Published:
October 22, 2021; 10:15:08 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2021-0706
- In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction...
Published:
October 22, 2021; 10:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-0705
- In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with n...
Published:
October 22, 2021; 10:15:08 AM -0400
CVE-2021-0708
- In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee...
Published:
October 22, 2021; 10:15:08 AM -0400
CVE-2021-0870
- In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Published:
October 22, 2021; 10:15:08 AM -0400
CVE-2019-9508
- The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each ti...
Published:
March 30, 2020; 6:15:14 PM -0400
CVE-2019-9530
- The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file ...
Published:
October 10, 2019; 4:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-9535
- A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. ...
Published:
October 09, 2019; 4:15:33 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2019-9541
- Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior ...
Published:
January 03, 2020; 5:15:13 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-10737
- A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership...
Published:
May 26, 2020; 9:15:09 PM -0400
V3.1: 6.3 MEDIUM
V2.0: 3.7 LOW