

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2020-15481 - An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into ...
    Published: November 13, 2020; 4:15:12 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-12912 - A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated...
    Published: November 12, 2020; 3:15:15 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2020-29280 - The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
    Published: December 02, 2020; 5:15:10 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-29288 - An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
    Published: December 02, 2020; 5:15:10 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-29287 - An SQL injection vulnerability was discovered in Car Rental Management System v1.0 that can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
    Published: December 02, 2020; 5:15:10 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2020-15247 - October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage...
    Published: November 23, 2020; 3:15:12 PM -0500

    V3.1: 5.2 MEDIUM
    V2.0: 4.4 MEDIUM

  • CVE-2020-4788 - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
    Published: November 19, 2020; 11:15:11 PM -0500

    V3.1: 4.7 MEDIUM
    V2.0: 1.9 LOW

  • CVE-2020-28845 - A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system.
    Published: November 20, 2020; 3:15:13 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2020-7928 - A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; ...
    Published: November 23, 2020; 12:15:12 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2020-27985 - Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.
    Published: November 23, 2020; 9:15:12 AM -0500

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH

  • CVE-2020-28421 - CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.
    Published: November 23, 2020; 11:15:13 AM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2020-7925 - Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Serve...
    Published: November 23, 2020; 10:15:11 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2018-20803 - A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 version...
    Published: November 23, 2020; 1:15:10 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2020-26554 - REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.
    Published: November 18, 2020; 12:15:11 PM -0500

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-8351 - A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
    Published: November 30, 2020; 2:15:12 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2020-10762 - An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local us...
    Published: November 24, 2020; 12:15:10 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2020-6879 - Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the...
    Published: November 19, 2020; 12:15:13 PM -0500

    V3.1: 3.5 LOW
    V2.0: 2.7 LOW

  • CVE-2020-7562 - A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buff...
    Published: November 18, 2020; 9:15:12 AM -0500

    V3.1: 8.1 HIGH
    V2.0: 5.8 MEDIUM

  • CVE-2020-7563 - A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, ...
    Published: November 18, 2020; 9:15:13 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2020-7564 - A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for detai...
    Published: November 18, 2020; 9:15:13 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM