National Vulnerability Database

National Vulnerability Database

NVD



NVD API Key Logo
NVD API Key
Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-3060 - An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code ... read CVE-2021-3060
    Published: November 10, 2021; 12:15:10 PM -0500

    V3.1: 8.1 HIGH
     V2.0: 9.3 HIGH

  • CVE-2021-3059 - An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. Th... read CVE-2021-3059
    Published: November 10, 2021; 12:15:10 PM -0500

    V3.1: 8.1 HIGH
     V2.0: 7.6 HIGH

  • CVE-2021-3058 - An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PA... read CVE-2021-3058
    Published: November 10, 2021; 12:15:09 PM -0500

    V3.1: 7.2 HIGH
     V2.0: 9.0 HIGH

  • CVE-2021-3056 - A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions e... read CVE-2021-3056
    Published: November 10, 2021; 12:15:09 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 8.5 HIGH

  • CVE-2021-42021 - A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siv... read CVE-2021-42021
    Published: November 09, 2021; 7:15:10 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2020-23890 - A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.
    Published: November 10, 2021; 5:15:10 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23891 - A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
    Published: November 10, 2021; 5:15:10 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23893 - A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
    Published: November 10, 2021; 5:15:10 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23895 - A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
    Published: November 10, 2021; 5:15:10 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23896 - A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
    Published: November 10, 2021; 5:15:10 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23897 - A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
    Published: November 10, 2021; 5:15:10 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23898 - A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
    Published: November 10, 2021; 5:15:11 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23894 - A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
    Published: November 10, 2021; 5:15:10 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23899 - A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
    Published: November 10, 2021; 5:15:11 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23900 - A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.
    Published: November 10, 2021; 5:15:11 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-23901 - A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
    Published: November 10, 2021; 5:15:11 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-40504 - A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only perm... read CVE-2021-40504
    Published: November 10, 2021; 11:15:08 AM -0500

    V3.1: 4.9 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2021-31853 - DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
    Published: November 10, 2021; 4:15:07 AM -0500

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2021-42296 - Microsoft Word Remote Code Execution Vulnerability
    Published: November 09, 2021; 8:19:47 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-42291 - Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42287.
    Published: November 09, 2021; 8:19:46 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM