National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-34709 - Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an auth... read CVE-2021-34709
    Published: September 09, 2021; 1:15:10 AM -0400

    V3.1: 6.4 MEDIUM
     V2.0: 6.9 MEDIUM

  • CVE-2021-39251 - A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-35267 - NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-35266 - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-33287 - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39257 - A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:08 AM -0400

    V3.1: 5.5 MEDIUM
     V2.0: 4.7 MEDIUM

  • CVE-2021-39256 - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:08 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39254 - A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39253 - A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:07 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-39258 - A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.
    Published: September 07, 2021; 11:15:08 AM -0400

    V3.1: 7.8 HIGH
     V2.0: 6.9 MEDIUM

  • CVE-2021-34718 - A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments tha... read CVE-2021-34718
    Published: September 09, 2021; 1:15:11 AM -0400

    V3.1: 8.1 HIGH
     V2.0: 8.5 HIGH

  • CVE-2021-35976 - The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the li... read CVE-2021-35976
    Published: September 10, 2021; 8:15:13 AM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-33256 - ** DISPUTED ** A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could b... read CVE-2021-33256
    Published: August 09, 2021; 10:15:31 AM -0400

    V3.1: 8.8 HIGH
     V2.0: 9.3 HIGH

  • CVE-2021-1106 - NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data ... read CVE-2021-1106
    Published: August 11, 2021; 6:15:07 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2021-1107 - NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.
    Published: August 11, 2021; 6:15:08 PM -0400

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2021-34708 - Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an auth... read CVE-2021-34708
    Published: September 09, 2021; 1:15:07 AM -0400

    V3.1: 6.7 MEDIUM
     V2.0: 7.2 HIGH

  • CVE-2021-1108 - NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all process... read CVE-2021-1108
    Published: August 11, 2021; 6:15:08 PM -0400

    V3.1: 7.3 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2021-1109 - NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.
    Published: August 11, 2021; 6:15:08 PM -0400

    V3.1: 6.3 MEDIUM
     V2.0: 3.3 LOW

  • CVE-2021-1110 - NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.
    Published: August 11, 2021; 6:15:08 PM -0400

    V3.1: 7.1 HIGH
     V2.0: 6.6 MEDIUM

  • CVE-2021-38331 - The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.
    Published: September 10, 2021; 10:15:09 AM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM