2025-03-05 18:59:57 +00:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< title > NVD - Home< / title >
< meta http-equiv = "content-type" content = "text/html; charset=UTF-8" / >
< meta http-equiv = "content-style-type" content = "text/css" / >
< meta http-equiv = "content-script-type" content = "text/javascript" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" / >
< link href = "/site-scripts/font-awesome/css/font-awesome.min.css"
type="text/css" rel="stylesheet" />
< link href = "/site-media/bootstrap/css/bootstrap.min.css"
type="text/css" rel="stylesheet" />
< link href = "/site-media/bootstrap/css/bootstrap-theme.min.css"
type="text/css" rel="stylesheet" />
< link
href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css"
type="text/css" rel="stylesheet" />
< link href = "/site-media/css/nist-fonts.css" type = "text/css"
rel="stylesheet" />
< link href = "/site-media/css/base-style.css" type = "text/css"
rel="stylesheet" />
< link href = "/site-media/css/media-resize.css" type = "text/css"
rel="stylesheet" />
< meta name = "theme-color" content = "#000000" >
< script src = "/site-scripts/jquery/dist/jquery.min.js"
type="text/javascript">< / script >
< script src = "/site-scripts/jquery-visible/jquery.visible.min.js"
type="text/javascript">< / script >
< script src = "/site-scripts/underscore/underscore-min.js"
type="text/javascript">< / script >
< script src = "/site-media/bootstrap/js/bootstrap.js"
type="text/javascript">< / script >
< script src = "/site-scripts/moment/min/moment.min.js"
type="text/javascript">< / script >
< script
src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js"
type="text/javascript">< / script >
< script src = "/site-media/js/megamenu.js" type = "text/javascript" > < / script >
< script src = "/site-media/js/nist-exit-script.js"
type="text/javascript">< / script >
< script src = "/site-media/js/forms.js" type = "text/javascript" > < / script >
< script
src="/site-media/js/federated-analytics.all.min.js?agency=NIST& subagency=nvd& pua=UA-37115410-41& yt=true"
type="text/javascript" id="_fed_an_js_tag">< / script >
<!-- Google tag (gtag.js) -->
< script async src = "https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ" > < / script >
< script > window . dataLayer = window . dataLayer || [ ] ; function gtag ( ) { dataLayer . push ( arguments ) ; } gtag ( 'js' , new Date ( ) ) ; gtag ( 'config' , 'G-4KKFZP12LQ' ) ; < / script >
< style id = "antiClickjack" >
body>* {
display: none !important;
}
#antiClickjack {
display: block !important;
}
< / style >
< noscript >
< style id = "antiClickjackNoScript" >
body>* {
display: block !important;
}
#antiClickjack {
display: none !important;
}
< / style >
< / noscript >
< script type = "text/javascript" id = "antiClickjackScript" >
if (self === top) {
// no clickjacking
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
setTimeout(tryForward(), 5000);
}
function tryForward() {
top.location = self.location;
}
< / script >
< meta charset = "UTF-8" >
< link href = "/site-media/css/nvd-style.css" type = "text/css"
rel="stylesheet" />
< link href = "/site-media/images/favicons/apple-touch-icon.png"
rel="apple-touch-icon" type="image/png" sizes="180x180" />
< link href = "/site-media/images/favicons/favicon-32x32.png"
rel="icon" type="image/png" sizes="32x32" />
< link href = "/site-media/images/favicons/favicon-16x16.png"
rel="icon" type="image/png" sizes="16x16" />
< link href = "/site-media/images/favicons/manifest.json"
rel="manifest" />
< link href = "/site-media/images/favicons/safari-pinned-tab.svg"
rel="mask-icon" color="#000000" />
< link href = "/site-media/images/favicons/favicon.ico"
rel="shortcut icon" />
< meta name = "msapplication-config" content = "/site-media/images/favicons/browserconfig.xml" / >
< link href = "/site-media/images/favicons/favicon.ico"
rel="shortcut icon" type="image/x-icon" />
< link href = "/site-media/images/favicons/favicon.ico" rel = "icon"
type="image/x-icon" />
< meta charset = "UTF-8" >
< meta charset = "UTF-8" >
< / head >
< body >
< header role = "banner" title = "Site Banner" >
< div id = "antiClickjack" style = "display: none" >
< h1 > You are viewing this page in an unauthorized frame window.< / h1 >
< p >
This is a potential security issue, you are being redirected to
< a href = "https://nvd.nist.gov" > https://nvd.nist.gov< / a >
< / p >
< / div >
< div >
< section class = "usa-banner" aria-label = "Official government website" >
< div class = "usa-accordion container" >
< header class = "usa-banner__header" >
< noscript >
< p style = "font-size: 0.85rem; font-weight: bold;" > You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.< / p >
< / noscript >
< img class = "usa-banner__header-flag"
src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">
< span class = "usa-banner__header-text" > An official website of the United States government< / span >
< button id = "gov-banner-button" class = "usa-accordion__button usa-banner__button" data-toggle = "collapse" data-target = "#gov-banner" aria-expanded = "false" aria-controls = "gov-banner" >
< span class = "usa-banner__button-text" > Here's how you know< / span >
< / button >
< / header >
< div class = "usa-banner__content usa-accordion__content collapse" role = "tabpanel" id = "gov-banner" aria-expanded = "true" >
< div class = "row" >
< div class = "col-md-5 col-sm-12" >
< div class = "row" >
< div class = "col-sm-2 col-xs-3" >
< img class = "usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov">
< / div >
< div class = "col-sm-10 col-xs-9" >
< p >
< strong > Official websites use .gov< / strong >
< br >
A < strong > .gov< / strong > website belongs to an official government organization in the United States.
< / p >
< / div >
< / div >
< / div >
< div class = "col-md-5 col-sm-12" >
< div class = "row" >
< div class = "col-sm-2 col-xs-3" >
< img class = "usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-https.svg" alt="Https">
< / div >
< div class = "col-sm-10 col-xs-9" >
< p >
< strong > Secure .gov websites use HTTPS< / strong >
< br >
A < strong > lock< / strong > (< img class = "usa-banner__lock"
src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or < strong > https://< / strong > means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
< / p >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< / section >
< / div >
< div >
< div >
< nav id = "navbar" class = "navbar" >
< div id = "nist-menu-container" class = "container" >
< div class = "row" >
<!-- Brand -->
< div class = "col-xs-6 col-md-4 navbar-header"
style="height:104px">
< a class = "navbar-brand"
href="https://www.nist.gov"
target="_blank" rel="noopener noreferrer"
id="navbar-brand-image"
style="padding-top: 36px">
< img alt = "National Institute of Standards and Technology"
src="/site-media/images/nist/nist-logo.svg"
width="110" height="30">
< / a >
< / div >
< div class = "col-xs-6 col-md-8 navbar-nist-logo" >
< span id = "nvd-menu-button" class = "pull-right" style = "margin-top: 26px" > < a href = "#" >
< span class = "fa fa-bars" > < / span > < span id = "nvd-menu-full-text" > < span
class="hidden-xxs">NVD < / span > MENU< / span >
< / a >
< / span >
< / div >
< / div >
< / div >
< div class = "main-menu-row container" >
<!-- Collect the nav links, forms, and other content for toggling -->
< div id = "main-menu-drop" class = "col-lg-12" style = "display: none;" >
< ul >
< li > < a href = "/general" > General < span
class="expander fa fa-plus" id="nvd-header-menu-general"
data-expander-name="general" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="general">
< div class = "row" >
< div class = "col-lg-4" >
< p >
< a href = "/general/nvd-dashboard" > NVD Dashboard< / a >
< / p >
< p >
< a href = "https://www.nist.gov/itl/nvd" > News and Status Updates< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/general/faq" > FAQ< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/general/visualizations" > Visualizations< / a >
< / p >
< p >
< a href = "/general/legal-disclaimer" > Legal Disclaimer< / a >
< / p >
< / div >
< / div >
< / div > < / li >
< li > < a href = "/vuln" > Vulnerabilities < span
class="expander fa fa-plus"
id="nvd-header-menu-vulnerabilities"
data-expander-name="vulnerabilities" data-expanded="false">
< span class = "element-invisible" > Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="vulnerabilities">
< div class = "row" >
< div class = "col-lg-4" >
< p >
< a href = "/vuln/search" > Search & Statistics< / a >
< / p >
< p >
< a href = "/vuln/categories" > Weakness Types< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/vuln/data-feeds" > Legacy Data Feeds< / a >
< / p >
< p >
< a href = "/vuln/vendor-comments" > Vendor Comments< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/vuln/cvmap" > CVMAP< / a >
< / p >
< / div >
< / div >
< / div > < / li >
< li > < a href = "/vuln-metrics/cvss#" > Vulnerability Metrics < span
class="expander fa fa-plus" id="nvd-header-menu-metrics"
data-expander-name="metrics" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="metrics">
< div class = "row" >
< div class = "col-lg-4" >
< p >
< a href = "/vuln-metrics/cvss/v4-calculator" > CVSS v4.0
Calculators< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/vuln-metrics/cvss/v3-calculator" > CVSS v3.x
Calculators< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/vuln-metrics/cvss/v2-calculator" > CVSS v2.0
Calculator< / a >
< / p >
< / div >
< / div >
< / div > < / li >
< li > < a href = "/products" > Products < span
class="expander fa fa-plus" id="nvd-header-menu-products"
data-expander-name="products" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="products">
< div class = "row" >
< div class = "col-lg-4" >
< p >
< a href = "/products/cpe" > CPE Dictionary< / a >
< / p >
< p >
< a href = "/products/cpe/search" > CPE Search< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/products/cpe/statistics" > CPE Statistics< / a >
< / p >
< p >
< a href = "/products/swid" > SWID< / a >
< / p >
< / div >
< div class = "col-lg-4" > < / div >
< / div >
< / div > < / li >
< li >
< a href = "/developers" > Developers< span
class="expander fa fa-plus" id="nvd-header-menu-developers"
data-expander-name="developers" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="developers">
< div class = "row" >
< div class = "col-lg-4" >
< p >
< a href = "/developers/start-here" > Start Here< / a >
< / p >
< p >
< a href = "/developers/request-an-api-key" > Request an API Key< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/developers/vulnerabilities" > Vulnerabilities< / a >
< / p >
< p >
< a href = "/developers/products" > Products< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/developers/data-sources" > Data Sources< / a >
< / p >
< p >
< a href = "/developers/terms-of-use" > Terms of Use< / a >
< / p >
< / div >
< / div >
< / div >
< / li >
< li > < a href = "/contact" > Contact NVD < / a > < / li >
< li > < a href = "/other" > Other Sites < span
class="expander fa fa-plus" id="nvd-header-menu-othersites"
data-expander-name="otherSites" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="otherSites">
< div class = "row" >
< div class = "col-lg-4" >
< p >
< a href = "https://ncp.nist.gov" > Checklist (NCP) Repository< / a >
< / p >
< p >
< a href = "https://ncp.nist.gov/cce" > Configurations (CCE)< / a >
< / p >
< p >
< a href = "https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search" > 800-53 Controls< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
Validated Tools< / a >
< / p >
< p >
< a
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB< / a >
< / p >
< / div >
< / div >
< / div > < / li >
< li > < a href = "/search" > Search < span
class="expander fa fa-plus" id="nvd-header-menu-search"
data-expander-name="search" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="search">
< div class = "row" >
< div class = "col-lg-4" >
< p >
< a href = "/vuln/search" > Vulnerability Search< / a >
< / p >
< / div >
< div class = "col-lg-4" >
< p >
< a href = "/products/cpe/search" > CPE Search< / a >
< / p >
< / div >
< / div >
< / div > < / li >
< / ul >
< / div >
<!-- /#mobile - nav - container -->
< / div >
< / nav >
< section id = "itl-header" class = "has-menu" >
< div class = "container" >
< div class = "row" >
< div class = "col-sm-12 col-md-8" >
< h2 class = "hidden-xs hidden-sm" >
< a href = "https://www.nist.gov/itl" target = "_blank" rel = "noopener noreferrer" > Information Technology Laboratory< / a >
< / h2 >
< h1 class = "hidden-xs hidden-sm" >
< a id = "nvd-header-link"
href="/">National Vulnerability Database< / a >
< / h1 >
< h1 class = "hidden-xs text-center hidden-md hidden-lg"
>National Vulnerability Database< / h1 >
< h1 class = "hidden-sm hidden-md hidden-lg text-center"
>NVD< / h1 >
< / div >
< div class = "col-sm-12 col-md-4" >
< a style = "width: 100%; text-align: center; display: block;padding-top: 14px" >
< img id = "img-logo-nvd-lg"
alt="National Vulnerability Database"
src="/site-media/images/F_NIST-Logo-NVD-white.svg"
width="500" height="100">
< / a >
< / div >
< / div >
< / div >
< / section >
< / div >
< / div >
< / header >
< main >
< div >
< div id = "body-section" class = "container" >
< div >
< div class = "row" >
< nav title = "Side Menu" role = "navigation" class = "col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs" >
< ul class = "side-nav" >
< li > < a href = "/general" > General< span
class="expander fa fa-plus" id="nvd-side-menu-general"
data-expander-name="generalSide" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="generalSide">
< ul >
< li > < a href = "/general/nvd-dashboard" > NVD Dashboard< / a > < / li >
< li > < a href = "https://www.nist.gov/itl/nvd" > News and Status Updates< / a > < / li >
< li > < a href = "/general/faq" > FAQ< / a > < / li >
< li > < a href = "/general/visualizations" > Visualizations< / a > < / li >
< li > < a href = "/general/legal-disclaimer" > Legal Disclaimer< / a > < / li >
< / ul >
< / div > < / li >
< li > < a href = "/vuln" > Vulnerabilities < span
class="expander fa fa-plus"
id="nvd-side-menu-vulnerabilities"
data-expander-name="vulnerabilitiesSide" data-expanded="false">
< span class = "element-invisible" > Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="vulnerabilitiesSide">
< ul >
< li > < a href = "/vuln/search" > Search & Statistics< / a > < / li >
< li > < a href = "/vuln/categories" > Weakness Types< / a > < / li >
< li > < a href = "/vuln/data-feeds" > Legacy Data Feeds< / a > < / li >
< li > < a href = "/vuln/vendor-comments" > Vendor Comments< / a > < / li >
< li > < a href = "/vuln/cvmap" > CVMAP< / a > < / li >
< / ul >
< / div > < / li >
< li > < a href = "/vuln-metrics/cvss#" > Vulnerability Metrics < span
class="expander fa fa-plus" id="nvd-side-menu-metrics"
data-expander-name="metricsSide" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="metricsSide">
< ul >
< li > < a href = "/vuln-metrics/cvss/v4-calculator" > CVSS v4.0
Calculator< / a > < / li >
< li > < a href = "/vuln-metrics/cvss/v3-calculator" > CVSS v3.x
Calculators< / a > < / li >
< li > < a href = "/vuln-metrics/cvss/v2-calculator" > CVSS v2.0
Calculator< / a > < / li >
< / ul >
< / div > < / li >
< li > < a href = "/products" > Products < span
class="expander fa fa-plus" id="nvd-side-menu-products"
data-expander-name="productsSide" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="productsSide">
< ul >
< li > < a href = "/products/cpe" > CPE Dictionary< / a > < / li >
< li > < a href = "/products/cpe/search" > CPE Search< / a > < / li >
< li > < a href = "/products/cpe/statistics" > CPE Statistics< / a > < / li >
< li > < a href = "/products/swid" > SWID< / a > < / li >
< / ul >
< / div > < / li >
< li >
< a href = "/developers" > Developers< span
class="expander fa fa-plus" id="nvd-side-menu-developers"
data-expander-name="developersSide" data-expanded="false">
< span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="developersSide">
< ul >
< li > < a href = "/developers/start-here" > Start Here< / a > < / li >
< li > < a href = "/developers/request-an-api-key" > Request an API Key< / a > < / li >
< li > < a href = "/developers/vulnerabilities" > Vulnerabilities< / a > < / li >
< li > < a href = "/developers/products" > Products< / a > < / li >
< li > < a href = "/developers/data-sources" > Data Sources< / a > < / li >
< li > < a href = "/developers/terms-of-use" > Terms of Use< / a > < / li >
< / ul >
< / div >
< / li >
< li > < a href = "/contact" > Contact NVD < / a > < / li >
< li > < a href = "/other" > Other Sites < span
class="expander fa fa-plus" id="nvd-side-menu-othersites"
data-expander-name="otherSitesSide" data-expanded="false">
< span class = "element-invisible" > Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="otherSitesSide">
< ul >
< li > < a href = "https://ncp.nist.gov" > Checklist (NCP)
Repository< / a > < / li >
< li > < a href = "https://ncp.nist.gov/cce" > Configurations (CCE)< / a > < / li >
< li > < a href = "https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search" > 800-53 Controls< / a > < / li >
< li > < a
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
Validated Tools< / a > < / li >
< li > < a
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP< / a > < / li >
< li > < a
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB< / a > < / li >
< / ul >
< / div > < / li >
< li > < a href = "/search" > Search < span
class="expander fa fa-plus" id="nvd-side-menu-search"
data-expander-name="searchSide" data-expanded="false"> < span
class="element-invisible">Expand or Collapse< / span >
< / span >
< / a >
< div style = "display: none;" class = "sub-menu"
data-expander-trigger="searchSide">
< ul >
< li > < a href = "/vuln/search" > Vulnerability Search< / a > < / li >
< li > < a href = "/products/cpe/search" > CPE Search< / a > < / li >
< / ul >
< / div > < / li >
< / ul >
< / nav >
< div id = "page-content" class = "col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12" >
< div class = "col-md-4" style = "padding:0px;" >
< div class = "text-center" >
< span class = "carousel-title" >
< a href = "https://www.nist.gov/itl/nvd" >
< img alt = "Icon for New NVD Communications and Status Updates Page"
src="/site-media/images/LandingPage/readAllAboutIt800x632.png"
style="width: 300px; height: 237px;"
title="New NVD Communications and Status Updates Page">
< br / >
< strong > New Communications Page< / strong >
< / a >
< / span >
< / div >
< / div >
< div class = "col-md-4" style = "padding:0px;" >
< div class = "text-center" >
< span class = "carousel-title" >
< a href = "/general/news/cvss-v4-0-official-support" >
< img alt = "The NVD now supports CVSS version 4.0!"
src="/site-media/images/LandingPage/cvssV4_0Logo.png"
style="width: 300px; height: 237px;"
title="The NVD now supports CVSS version 4.0!">
< br / >
< strong > CVSS v4.0 Support< / strong >
< / a >
< / span >
< / div >
< / div >
< div class = "row" >
< div class = "col-md-4" style = "padding:0px;" >
< div class = "text-center" >
< span class = "carousel-title" >
< a href = "/general/news/api-20-announcements" >
< img alt = "The letters N V D typed out in binary"
src="/site-media/images/LandingPage/apiGuidance800x632.png"
style="width: 300px; height: 237px;"
title="Whats new in API two">
< br / >
< strong > 2.0 APIs< / strong >
< / a >
< / span >
< / div >
< / div >
< / div >
< br / > < span > The NVD is the U.S. government repository
of standards based vulnerability management data represented using
the Security Content Automation Protocol (SCAP). This data enables
automation of vulnerability management, security measurement, and
compliance. The NVD includes databases of security checklist
references, security-related software flaws, product names, and
impact metrics.< / span > < br / > < br / >
< span > For information on how to cite the NVD, including the
database's Digital Object Identifier (DOI), please consult < a href = "https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436" >
NIST's Public Data Repository< / a > .< / span >
< br / > < br / >
< div id = "legal-disclaimer" >
< h4 > Legal Disclaimer:< / h4 >
< p >
Here is where you can read the NVD < a href = "general/legal-disclaimer" > legal disclaimer< / a > .
< / p >
< / div >
< div >
< div class = "row" >
< div class = "col-md-12 col-sm-12" >
< div id = "vulnResultsPanel" >
<!-- Results Panel -->
< div id = "latestVulnsArea" >
< div id = "latestVulnsTitleRow" class = "row" >
< span class = "hidden-md col-lg-9" > < strong class = "h4Size" > Last
20 Scored Vulnerability IDs & Summaries< / strong >
< / span > < span class = "hidden-md col-lg-3" > < strong class = "h4Size" > CVSS
Severity < / strong >
< / span >
< / div >
< ul id = "latestVulns" >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-49310"
id="cveDetailAnchor-0">CVE-2024-49310< / a > < / strong > - Improper Neutralization of Input During Web Page Generation (XSS or ' Cross-site Scripting' ) vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0.
2025-03-05 18:59:57 +00:00
< br > < strong > Published:< / strong >
2025-03-07 17:19:30 +00:00
October 17, 2024; 3:15:24 PM -0400
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-0" >
2025-03-07 17:19:30 +00:00
< span id = "cvss3-link-0" > < em > V3.1:< / em > < a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-49310& vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N& version=3.1& source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-0" aria-label="V3 score for CVE-2024-49310">5.4 MEDIUM< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-41785"
id="cveDetailAnchor-1">CVE-2024-41785< / a > < / strong > - IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to ...
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< a
href="/vuln/detail/CVE-2024-41785#vulnDescriptionTitle">read CVE-2024-41785< / a > < br > < strong > Published:< / strong >
November 15, 2024; 10:15:07 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-1" >
< span id = "cvss3-link-1" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-41785& vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N& version=3.1& source=IBM%20Corporation"
class="label label-warning" data-testid="vuln-cvss3-link-1" aria-label="V3 score for CVE-2024-41785">6.1 MEDIUM< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-43189"
id="cveDetailAnchor-2">CVE-2024-43189< / a > < / strong > - IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive infor...
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< a
href="/vuln/detail/CVE-2024-43189#vulnDescriptionTitle">read CVE-2024-43189< / a > < br > < strong > Published:< / strong >
November 15, 2024; 10:15:07 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-2" >
< span id = "cvss3-link-2" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-43189& vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N& version=3.1& source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-2" aria-label="V3 score for CVE-2024-43189">5.9 MEDIUM< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-11650"
id="cveDetailAnchor-3">CVE-2024-11650< / a > < / strong > - A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. Th...
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< a
href="/vuln/detail/CVE-2024-11650#vulnDescriptionTitle">read CVE-2024-11650< / a > < br > < strong > Published:< / strong >
November 24, 2024; 10:15:06 PM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-3" >
< span id = "cvss3-link-3" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11650& vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-3" aria-label="V3 score for CVE-2024-11650">7.5 HIGH< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-53028"
id="cveDetailAnchor-4">CVE-2024-53028< / a > < / strong > - Memory corruption may occur while processing message from frontend during allocation.
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< br > < strong > Published:< / strong >
March 03, 2025; 6:15:14 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-4" >
< span id = "cvss3-link-4" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-53028& vector=AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-4" aria-label="V3 score for CVE-2024-53028">7.0 HIGH< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-43055"
id="cveDetailAnchor-5">CVE-2024-43055< / a > < / strong > - Memory corruption while processing camera use case IOCTL call.
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< br > < strong > Published:< / strong >
March 03, 2025; 6:15:11 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-5" >
< span id = "cvss3-link-5" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-43055& vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H& version=3.1& source=Qualcomm,%20Inc."
class="label label-danger" data-testid="vuln-cvss3-link-5" aria-label="V3 score for CVE-2024-43055">7.8 HIGH< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-12584"
id="cveDetailAnchor-6">CVE-2024-12584< / a > < / strong > - The 140+ Widgets | Xpro Addons For Elementor – ' duplicate' function. This makes it possible for authenticated attackers...
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< a
href="/vuln/detail/CVE-2024-12584#vulnDescriptionTitle">read CVE-2024-12584< / a > < br > < strong > Published:< / strong >
January 08, 2025; 2:15:26 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-6" >
2025-03-07 17:19:30 +00:00
< span id = "cvss3-link-6" > < em > V3.1:< / em > < a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-12584& vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N& version=3.1& source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-6" aria-label="V3 score for CVE-2024-12584">6.5 MEDIUM< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-38316"
id="cveDetailAnchor-7">CVE-2024-38316< / a > < / strong > - IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
2025-03-05 18:59:57 +00:00
< br > < strong > Published:< / strong >
2025-03-07 17:19:30 +00:00
February 05, 2025; 6:15:08 PM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-7" >
< span id = "cvss3-link-7" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-38316& vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H& version=3.1& source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-7" aria-label="V3 score for CVE-2024-38316">6.5 MEDIUM< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-56473"
id="cveDetailAnchor-8">CVE-2024-56473< / a > < / strong > - IBM Aspera Shares ' Client-IP' headers.
2025-03-05 18:59:57 +00:00
< br > < strong > Published:< / strong >
2025-03-07 17:19:30 +00:00
February 05, 2025; 6:15:10 PM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-8" >
2025-03-07 17:19:30 +00:00
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-13796"
id="cveDetailAnchor-9">CVE-2024-13796< / a > < / strong > - The Post Grid and Gutenberg Blocks –
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< a
href="/vuln/detail/CVE-2024-13796#vulnDescriptionTitle">read CVE-2024-13796< / a > < br > < strong > Published:< / strong >
February 28, 2025; 12:15:32 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-9" >
< span id = "cvss3-link-9" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-13796& vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-9" aria-label="V3 score for CVE-2024-13796">7.5 HIGH< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2025-0801"
id="cveDetailAnchor-10">CVE-2025-0801< / a > < / strong > - The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the ' rma-settings-wizard' . This makes it possible for un...
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< a
href="/vuln/detail/CVE-2025-0801#vulnDescriptionTitle">read CVE-2025-0801< / a > < br > < strong > Published:< / strong >
February 28, 2025; 12:15:33 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-10" >
2025-03-07 17:19:30 +00:00
< span id = "cvss3-link-10" > < em > V3.1:< / em > < a
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-0801& vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N& version=3.1& source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-10" aria-label="V3 score for CVE-2025-0801">4.3 MEDIUM< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2025-1505"
id="cveDetailAnchor-11">CVE-2025-1505< / a > < / strong > - The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ' nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes i...
2025-03-05 18:59:57 +00:00
< a
2025-03-07 17:19:30 +00:00
href="/vuln/detail/CVE-2025-1505#vulnDescriptionTitle">read CVE-2025-1505< / a > < br > < strong > Published:< / strong >
February 28, 2025; 12:15:33 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-11" >
< span id = "cvss3-link-11" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-1505& vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N& version=3.1& source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-11" aria-label="V3 score for CVE-2025-1505">6.1 MEDIUM< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2024-45195"
id="cveDetailAnchor-12">CVE-2024-45195< / a > < / strong > - Direct Request (' Forced Browsing' ) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< br > < strong > Published:< / strong >
September 04, 2024; 5:15:04 AM -0400
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-12" >
< span id = "cvss3-link-12" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-45195& vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-12" aria-label="V3 score for CVE-2024-45195">7.5 HIGH< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2020-1956"
id="cveDetailAnchor-13">CVE-2020-1956< / a > < / strong > - Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< br > < strong > Published:< / strong >
May 22, 2020; 10:15:11 AM -0400
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-13" >
< span id = "cvss3-link-13" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2020-1956& vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-13" aria-label="V3 score for CVE-2020-1956">8.8 HIGH< / a > < br / >
< / span > < span id = "cvss2-link-13" > < em > V2.0:< / em > < a
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2020-1956& vector=(AV:N/AC:L/Au:S/C:C/I:C/A:C)& version=2.0& source=NIST"
class="label label-danger" data-testid="vuln-cvss2-link-13" aria-label="V2 score for CVE-2020-1956">9.0 HIGH< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2018-7841"
id="cveDetailAnchor-14">CVE-2018-7841< / a > < / strong > - A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
2025-03-05 18:59:57 +00:00
< br > < strong > Published:< / strong >
2025-03-07 17:19:30 +00:00
May 22, 2019; 4:29:01 PM -0400
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-14" >
< span id = "cvss3-link-14" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-7841& vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H& version=3.1& source=NIST"
class="label label-critical" data-testid="vuln-cvss3-link-14" aria-label="V3 score for CVE-2018-7841">9.8 CRITICAL< / a > < br / >
< / span > < span id = "cvss2-link-14" > < em > V2.0:< / em > < a
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2018-7841& vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)& version=2.0& source=NIST"
class="label label-danger" data-testid="vuln-cvss2-link-14" aria-label="V2 score for CVE-2018-7841">7.5 HIGH< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2025-1757"
id="cveDetailAnchor-15">CVE-2025-1757< / a > < / strong > - The WordPress Portfolio Builder – ' s ' pfhub_portfolio' and ' pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to ...
2025-03-05 18:59:57 +00:00
< a
2025-03-07 17:19:30 +00:00
href="/vuln/detail/CVE-2025-1757#vulnDescriptionTitle">read CVE-2025-1757< / a > < br > < strong > Published:< / strong >
February 28, 2025; 12:15:34 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-15" >
< span id = "cvss3-link-15" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2025-1757& vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N& version=3.1& source=NIST"
class="label label-warning" data-testid="vuln-cvss3-link-15" aria-label="V3 score for CVE-2025-1757">5.4 MEDIUM< / a > < br / >
2025-03-05 18:59:57 +00:00
< / span >
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2018-17480"
id="cveDetailAnchor-16">CVE-2018-17480< / a > < / strong > - Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
2025-03-05 18:59:57 +00:00
< br > < strong > Published:< / strong >
2025-03-07 17:19:30 +00:00
December 11, 2018; 11:29:00 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-16" >
< span id = "cvss3-link-16" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-17480& vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-16" aria-label="V3 score for CVE-2018-17480">8.8 HIGH< / a > < br / >
< / span > < span id = "cvss2-link-16" > < em > V2.0:< / em > < a
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2018-17480& vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)& version=2.0& source=NIST"
class="label label-warning" data-testid="vuln-cvss2-link-16" aria-label="V2 score for CVE-2018-17480">6.8 MEDIUM< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2017-9805"
id="cveDetailAnchor-17">CVE-2017-9805< / a > < / strong > - The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializin...
2025-03-05 18:59:57 +00:00
< a
2025-03-07 17:19:30 +00:00
href="/vuln/detail/CVE-2017-9805#vulnDescriptionTitle">read CVE-2017-9805< / a > < br > < strong > Published:< / strong >
September 15, 2017; 3:29:00 PM -0400
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-17" >
< span id = "cvss3-link-17" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2017-9805& vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-17" aria-label="V3 score for CVE-2017-9805">8.1 HIGH< / a > < br / >
< / span > < span id = "cvss2-link-17" > < em > V2.0:< / em > < a
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2017-9805& vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)& version=2.0& source=NIST"
class="label label-warning" data-testid="vuln-cvss2-link-17" aria-label="V2 score for CVE-2017-9805">6.8 MEDIUM< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2016-1646"
id="cveDetailAnchor-18">CVE-2016-1646< / a > < / strong > - The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or...
2025-03-05 18:59:57 +00:00
2025-03-07 17:19:30 +00:00
< a
href="/vuln/detail/CVE-2016-1646#vulnDescriptionTitle">read CVE-2016-1646< / a > < br > < strong > Published:< / strong >
March 29, 2016; 6:59:00 AM -0400
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-18" >
< span id = "cvss3-link-18" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2016-1646& vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H& version=3.1& source=NIST"
class="label label-danger" data-testid="vuln-cvss3-link-18" aria-label="V3 score for CVE-2016-1646">8.8 HIGH< / a > < br / >
< / span > < span id = "cvss2-link-18" > < em > V2.0:< / em > < a
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2016-1646& vector=(AV:N/AC:M/Au:N/C:C/I:C/A:C)& version=2.0& source=NIST"
class="label label-danger" data-testid="vuln-cvss2-link-18" aria-label="V2 score for CVE-2016-1646">9.3 HIGH< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< li >
< div class = "col-lg-9" >
< p >
2025-03-07 17:19:30 +00:00
< strong > < a href = "/vuln/detail/CVE-2015-4852"
id="cveDetailAnchor-19">CVE-2015-4852< / a > < / strong > - The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_c...
2025-03-05 18:59:57 +00:00
< a
2025-03-07 17:19:30 +00:00
href="/vuln/detail/CVE-2015-4852#vulnDescriptionTitle">read CVE-2015-4852< / a > < br > < strong > Published:< / strong >
November 18, 2015; 10:59:00 AM -0500
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< div class = "col-lg-3" >
< p id = "severity-score-19" >
< span id = "cvss3-link-19" > < em > V3.1:< / em > < a
2025-03-07 17:19:30 +00:00
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2015-4852& vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H& version=3.1& source=NIST"
class="label label-critical" data-testid="vuln-cvss3-link-19" aria-label="V3 score for CVE-2015-4852">9.8 CRITICAL< / a > < br / >
< / span > < span id = "cvss2-link-19" > < em > V2.0:< / em > < a
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2015-4852& vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)& version=2.0& source=NIST"
class="label label-danger" data-testid="vuln-cvss2-link-19" aria-label="V2 score for CVE-2015-4852">7.5 HIGH< / a > < br / >
< / span >
2025-03-05 18:59:57 +00:00
< / p >
< / div >
< / li >
< / ul >
< / div >
< / div >
< / div >
< / div >
< / div >
< div class = "col-md-12 historical-data-area" id = "historical-data-area" >
< span >
Created
< span id = "page-created-date" >
< span > September 20, 2022< / span >
< / span > ,
< / span >
Updated
< span id = "page-updated-date" >
< span > August 27, 2024< / span >
< / span >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< / main >
< footer id = "footer" role = "contentinfo" >
< div class = "container" >
< div class = "row" >
< div class = "col-sm-12" >
< ul class = "social-list pull-right" >
< li class = "field-item service-twitter list-horiz" > < a
href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> < i
class="fa fa-twitter fa-fw">< span class = "element-invisible" > twitter< / span > < / i > < span
class="ext">< span class = "element-invisible" > (link
is external)< / span > < / span >
< / a > < / li >
< li class = "field-item service-facebook list-horiz" > < a
href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> < i
class="fa fa-facebook fa-fw">< span class = "element-invisible" > facebook< / span > < / i > < span
class="ext">< span class = "element-invisible" > (link
is external)< / span > < / span > < / a > < / li >
< li class = "field-item service-linkedin list-horiz" > < a
href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> < i
class="fa fa-linkedin fa-fw">< span class = "element-invisible" > linkedin< / span > < / i > < span
class="ext">< span class = "element-invisible" > (link
is external)< / span > < / span > < / a > < / li >
< li class = "field-item service-youtube list-horiz" > < a
href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> < i
class="fa fa-youtube fa-fw">< span class = "element-invisible" > youtube< / span > < / i > < span
class="ext">< span class = "element-invisible" > (link
is external)< / span > < / span > < / a > < / li >
< li class = "field-item service-rss list-horiz" > < a
href="https://www.nist.gov/news-events/nist-rss-feeds"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink">
< i class = "fa fa-rss fa-fw" > < span class = "element-invisible" > rss< / span > < / i >
< / a > < / li >
< li class = "field-item service-govdelivery list-horiz last" > < a
href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext">
< i class = "fa fa-envelope fa-fw" > < span
class="element-invisible">govdelivery< / span > < / i > < span class = "ext" > < span
class="element-invisible"> (link is external)< / span > < / span >
< / a > < / li >
< / ul >
< span class = "hidden-xs" > < a
title="National Institute of Standards and Technology" rel="home"
class="footer-nist-logo"> < img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
< / a >
< / span >
< / div >
< / div >
< div class = "row hidden-sm hidden-md hidden-lg" >
< div class = "col-sm-12" >
< a href = "https://www.nist.gov"
title="National Institute of Standards and Technology" rel="home"
target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> < img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
< / a >
< / div >
< / div >
< div class = "row footer-contact-container" >
< div class = "col-sm-6" >
< strong > HEADQUARTERS< / strong >
< br >
100 Bureau Drive
< br >
Gaithersburg, MD 20899
< br >
< a href = "tel:301-975-2000" > (301) 975-2000< / a >
< br >
< br >
< a href = "mailto:nvd@nist.gov" > Webmaster< / a > | < a
href="https://www.nist.gov/about-nist/contact-us">Contact Us< / a >
| < a href = "https://www.nist.gov/about-nist/visit"
style="display: inline-block;">Our Other Offices< / a >
< / div >
< div class = "col-sm-6" >
< div class = "pull-right"
style="text-align:right">
< strong > Incident Response Assistance and Non-NVD Related< br > Technical Cyber Security Questions:< / strong >
< br >
US-CERT Security Operations Center
< br > Email: < a href = "mailto:soc@us-cert.gov" > soc@us-cert.gov< / a >
< br > Phone: 1-888-282-0870
< / div >
< / div >
< / div >
< div class = "row" >
< nav title = "Footer Navigation" role = "navigation"
class="row footer-bottom-links-container">
<!-- https://github.com/usnistgov/nist - header - footer/blob/nist - pages/boilerplate - footer.html -->
< p >
< a href = "https://www.nist.gov/oism/site-privacy" > Site Privacy< / a >
|
< a href = "https://www.nist.gov/oism/accessibility" > Accessibility< / a >
|
< a href = "https://www.nist.gov/privacy" > Privacy Program< / a >
|
< a href = "https://www.nist.gov/oism/copyrights" > Copyrights< / a >
|
< a href = "https://www.commerce.gov/vulnerability-disclosure-policy" > Vulnerability Disclosure< / a >
|
< a href = "https://www.nist.gov/no-fear-act-policy" > No Fear Act Policy< / a >
|
< a href = "https://www.nist.gov/foia" > FOIA< / a >
|
< a href = "https://www.nist.gov/environmental-policy-statement" > Environmental Policy< / a >
|
< a href = "https://www.nist.gov/summary-report-scientific-integrity" > Scientific Integrity< / a >
|
< a href = "https://www.nist.gov/nist-information-quality-standards" > Information Quality Standards< / a >
|
< a href = "https://www.commerce.gov/" > Commerce.gov< / a >
|
< a href = "https://www.science.gov/" > Science.gov< / a >
|
< a href = "https://www.usa.gov/" > USA.gov< / a >
< / p >
< / nav >
< / div >
< / div >
< / footer >
< / body >
< / html >
