National Vulnerability Database




The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-16862 — A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability...
    Published: September 11, 2020; 01:15:17 PM -04:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-16860 — A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability...
    Published: September 11, 2020; 01:15:17 PM -04:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-16857 — A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'.
    Published: September 11, 2020; 01:15:16 PM -04:00

    V3.1: 8.8 HIGH
        V2: 6.5 MEDIUM

  • CVE-2020-25213 — The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows att...
    Published: September 09, 2020; 12:15:12 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-15786 — A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= 14 and V < XX), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions),...
    Published: September 09, 2020; 03:15:19 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-15788 — A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted,...
    Published: September 09, 2020; 03:15:20 PM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2020-15789 — A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation...
    Published: September 09, 2020; 03:15:20 PM -04:00

    V3.1: 8.1 HIGH
        V2: 5.8 MEDIUM

  • CVE-2020-15791 — A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions). The authentication protocol between a client and a PLC v...
    Published: September 09, 2020; 03:15:20 PM -04:00

    V3.1: 6.5 MEDIUM
        V2: 3.3 LOW

  • CVE-2020-7315 — DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.
    Published: September 10, 2020; 06:15:11 AM -04:00

    V3.1: 6.7 MEDIUM
        V2: 4.6 MEDIUM

  • CVE-2020-24194 — A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter.
    Published: September 09, 2020; 10:15:12 AM -04:00

    V3.1: 6.1 MEDIUM
        V2: 4.3 MEDIUM

  • CVE-2018-15418 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected s...
    Published: October 05, 2018; 10:29:10 AM -04:00

    V3.1: 7.8 HIGH
        V2: 9.3 HIGH

  • CVE-2020-7325 — Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintende...
    Published: September 09, 2020; 06:15:11 AM -04:00

    V3.1: 7.8 HIGH
        V2: 4.6 MEDIUM

  • CVE-2020-14342 — It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this...
    Published: September 09, 2020; 08:15:11 AM -04:00

    V3.1: 7.0 HIGH
        V2: 4.4 MEDIUM

  • CVE-2020-25212 — A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b...
    Published: September 09, 2020; 12:15:12 PM -04:00

    V3.1: 7.0 HIGH
        V2: 4.4 MEDIUM

  • CVE-2020-25211 — In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_connt...
    Published: September 09, 2020; 12:15:12 PM -04:00

    V3.1: 7.1 HIGH
        V2: 3.6 LOW

  • CVE-2020-15787 — A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the wh...
    Published: September 09, 2020; 03:15:19 PM -04:00

    V3.1: 9.8 CRITICAL
        V2: 7.5 HIGH

  • CVE-2020-15790 — A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack.
    Published: September 09, 2020; 03:15:20 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2020-15784 — A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.
    Published: September 09, 2020; 03:15:19 PM -04:00

    V3.1: 5.3 MEDIUM
        V2: 5.0 MEDIUM

  • CVE-2020-10056 — A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local us...
    Published: September 09, 2020; 03:15:18 PM -04:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH

  • CVE-2020-10051 — A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker t...
    Published: September 09, 2020; 03:15:18 PM -04:00

    V3.1: 7.8 HIGH
        V2: 7.2 HIGH
