CVE-2020-8539
- Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable daemon, to trigger unintended functionalities. In addi...
Published:
December 01, 2020; 1:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-26244
- Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was ...
Published:
December 02, 2020; 3:15:13 PM -0500
V3.1: 6.8 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-25265
- AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.
Published:
December 02, 2020; 12:15:14 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-0955
- software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under pytho...
Published:
December 01, 2020; 8:15:11 PM -0500
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-13531
- A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execu...
Published:
December 03, 2020; 12:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-27760
- In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The pa...
Published:
December 03, 2020; 12:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27761
- WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. Th...
Published:
December 03, 2020; 12:15:12 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27762
- A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead ...
Published:
December 03, 2020; 12:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27763
- A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to appl...
Published:
December 03, 2020; 12:15:12 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27764
- In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Re...
Published:
December 03, 2020; 12:15:13 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27770
- Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by Ima...
Published:
December 04, 2020; 10:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27767
- A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This wo...
Published:
December 04, 2020; 10:15:10 AM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2018-1073
- The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
Published:
June 19, 2018; 8:29:00 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-27765
- A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to app...
Published:
December 04, 2020; 10:15:10 AM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-25688
- A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an...
Published:
November 23, 2020; 5:15:12 PM -0500
CVE-2020-15257
- containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for t...
Published:
November 30, 2020; 10:15:11 PM -0500
V3.1: 5.2 MEDIUM
V2.0: 3.6 LOW
CVE-2020-27348
- In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue aff...
Published:
December 03, 2020; 10:15:12 PM -0500
V3.1: 6.8 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-26212
- GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated u...
Published:
November 25, 2020; 12:15:12 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-7378
- CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to a...
Published:
November 24, 2020; 12:15:11 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-26933
- Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-...
Published:
November 18, 2020; 12:15:11 PM -0500
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW