1350 lines
No EOL
51 KiB
HTML
1350 lines
No EOL
51 KiB
HTML
<!DOCTYPE html>
|
|
|
|
<html lang="en">
|
|
<head>
|
|
|
|
|
|
|
|
<title>NVD - Home</title>
|
|
|
|
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
|
|
<meta http-equiv="content-style-type" content="text/css" />
|
|
<meta http-equiv="content-script-type" content="text/javascript" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
|
|
|
|
<link href="/site-scripts/font-awesome/css/font-awesome.min.css"
|
|
type="text/css" rel="stylesheet" />
|
|
<link href="/site-media/bootstrap/css/bootstrap.min.css"
|
|
type="text/css" rel="stylesheet" />
|
|
<link href="/site-media/bootstrap/css/bootstrap-theme.min.css"
|
|
type="text/css" rel="stylesheet" />
|
|
<link
|
|
href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css"
|
|
type="text/css" rel="stylesheet" />
|
|
|
|
|
|
<link href="/site-media/css/nist-fonts.css" type="text/css"
|
|
rel="stylesheet" />
|
|
<link href="/site-media/css/base-style.css" type="text/css"
|
|
rel="stylesheet" />
|
|
<link href="/site-media/css/media-resize.css" type="text/css"
|
|
rel="stylesheet" />
|
|
|
|
|
|
<meta name="theme-color" content="#000000">
|
|
|
|
|
|
<script src="/site-scripts/jquery/dist/jquery.min.js"
|
|
type="text/javascript"></script>
|
|
<script src="/site-scripts/jquery-visible/jquery.visible.min.js"
|
|
type="text/javascript"></script>
|
|
<script src="/site-scripts/underscore/underscore-min.js"
|
|
type="text/javascript"></script>
|
|
<script src="/site-media/bootstrap/js/bootstrap.js"
|
|
type="text/javascript"></script>
|
|
<script src="/site-scripts/moment/min/moment.min.js"
|
|
type="text/javascript"></script>
|
|
<script
|
|
src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js"
|
|
type="text/javascript"></script>
|
|
|
|
|
|
<script src="/site-media/js/megamenu.js" type="text/javascript"></script>
|
|
<script src="/site-media/js/nist-exit-script.js"
|
|
type="text/javascript"></script>
|
|
<script src="/site-media/js/forms.js" type="text/javascript"></script>
|
|
|
|
<script
|
|
src="/site-media/js/federated-analytics.all.min.js?agency=NIST&subagency=nvd&pua=UA-37115410-41&yt=true"
|
|
type="text/javascript" id="_fed_an_js_tag"></script>
|
|
|
|
<!-- Google tag (gtag.js) -->
|
|
<script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script>
|
|
<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script>
|
|
|
|
|
|
<style id="antiClickjack">
|
|
body>* {
|
|
display: none !important;
|
|
}
|
|
|
|
#antiClickjack {
|
|
display: block !important;
|
|
}
|
|
</style>
|
|
<noscript>
|
|
<style id="antiClickjackNoScript">
|
|
body>* {
|
|
display: block !important;
|
|
}
|
|
|
|
#antiClickjack {
|
|
display: none !important;
|
|
}
|
|
</style>
|
|
</noscript>
|
|
<script type="text/javascript" id="antiClickjackScript">
|
|
if (self === top) {
|
|
// no clickjacking
|
|
var antiClickjack = document.getElementById("antiClickjack");
|
|
antiClickjack.parentNode.removeChild(antiClickjack);
|
|
} else {
|
|
setTimeout(tryForward(), 5000);
|
|
}
|
|
|
|
function tryForward() {
|
|
top.location = self.location;
|
|
}
|
|
</script>
|
|
<meta charset="UTF-8">
|
|
|
|
<link href="/site-media/css/nvd-style.css" type="text/css"
|
|
rel="stylesheet" />
|
|
<link href="/site-media/images/favicons/apple-touch-icon.png"
|
|
rel="apple-touch-icon" type="image/png" sizes="180x180" />
|
|
<link href="/site-media/images/favicons/favicon-32x32.png"
|
|
rel="icon" type="image/png" sizes="32x32" />
|
|
<link href="/site-media/images/favicons/favicon-16x16.png"
|
|
rel="icon" type="image/png" sizes="16x16" />
|
|
<link href="/site-media/images/favicons/manifest.json"
|
|
rel="manifest" />
|
|
<link href="/site-media/images/favicons/safari-pinned-tab.svg"
|
|
rel="mask-icon" color="#000000" />
|
|
<link href="/site-media/images/favicons/favicon.ico"
|
|
rel="shortcut icon" />
|
|
<meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" />
|
|
<link href="/site-media/images/favicons/favicon.ico"
|
|
rel="shortcut icon" type="image/x-icon" />
|
|
<link href="/site-media/images/favicons/favicon.ico" rel="icon"
|
|
type="image/x-icon" />
|
|
<meta charset="UTF-8">
|
|
<meta charset="UTF-8">
|
|
|
|
</head>
|
|
<body>
|
|
<header role="banner" title="Site Banner">
|
|
<div id="antiClickjack" style="display: none">
|
|
<h1>You are viewing this page in an unauthorized frame window.</h1>
|
|
<p>
|
|
This is a potential security issue, you are being redirected to
|
|
<a href="https://nvd.nist.gov">https://nvd.nist.gov</a>
|
|
</p>
|
|
</div>
|
|
<div>
|
|
<section class="usa-banner" aria-label="Official government website">
|
|
<div class="usa-accordion container">
|
|
<header class="usa-banner__header">
|
|
<noscript>
|
|
<p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p>
|
|
</noscript>
|
|
<img class="usa-banner__header-flag"
|
|
src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">
|
|
|
|
<span class="usa-banner__header-text">An official website of the United States government</span>
|
|
|
|
<button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner">
|
|
<span class="usa-banner__button-text">Here's how you know</span>
|
|
</button>
|
|
</header>
|
|
<div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true">
|
|
<div class="row">
|
|
<div class="col-md-5 col-sm-12">
|
|
<div class="row">
|
|
<div class="col-sm-2 col-xs-3">
|
|
<img class="usa-banner__icon usa-media-block__img"
|
|
src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov">
|
|
</div>
|
|
<div class="col-sm-10 col-xs-9">
|
|
<p>
|
|
<strong>Official websites use .gov</strong>
|
|
<br>
|
|
A <strong>.gov</strong> website belongs to an official government organization in the United States.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="col-md-5 col-sm-12">
|
|
<div class="row">
|
|
<div class="col-sm-2 col-xs-3">
|
|
<img class="usa-banner__icon usa-media-block__img"
|
|
src="/site-media/images/usbanner/icon-https.svg" alt="Https">
|
|
</div>
|
|
<div class="col-sm-10 col-xs-9">
|
|
<p>
|
|
<strong>Secure .gov websites use HTTPS</strong>
|
|
<br>
|
|
A <strong>lock</strong> (<img class="usa-banner__lock"
|
|
src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</section>
|
|
</div>
|
|
<div>
|
|
<div>
|
|
<nav id="navbar" class="navbar">
|
|
<div id="nist-menu-container" class="container">
|
|
<div class="row">
|
|
<!-- Brand -->
|
|
<div class="col-xs-6 col-md-4 navbar-header"
|
|
style="height:104px">
|
|
<a class="navbar-brand"
|
|
href="https://www.nist.gov"
|
|
target="_blank" rel="noopener noreferrer"
|
|
id="navbar-brand-image"
|
|
style="padding-top: 36px">
|
|
|
|
<img alt="National Institute of Standards and Technology"
|
|
src="/site-media/images/nist/nist-logo.svg"
|
|
width="110" height="30">
|
|
</a>
|
|
</div>
|
|
<div class="col-xs-6 col-md-8 navbar-nist-logo">
|
|
<span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#">
|
|
<span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span
|
|
class="hidden-xxs">NVD </span>MENU</span>
|
|
</a>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="main-menu-row container">
|
|
<!-- Collect the nav links, forms, and other content for toggling -->
|
|
<div id="main-menu-drop" class="col-lg-12" style="display: none;">
|
|
<ul>
|
|
|
|
<li><a href="/general"> General <span
|
|
class="expander fa fa-plus" id="nvd-header-menu-general"
|
|
data-expander-name="general" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="general">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/general/nvd-dashboard">NVD Dashboard</a>
|
|
</p>
|
|
<p>
|
|
<a href="https://www.nist.gov/itl/nvd">News and Status Updates</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/general/faq">FAQ</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/general/visualizations">Visualizations</a>
|
|
</p>
|
|
<p>
|
|
<a href="/general/legal-disclaimer">Legal Disclaimer</a>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div></li>
|
|
<li><a href="/vuln"> Vulnerabilities <span
|
|
class="expander fa fa-plus"
|
|
id="nvd-header-menu-vulnerabilities"
|
|
data-expander-name="vulnerabilities" data-expanded="false">
|
|
<span class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="vulnerabilities">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/vuln/search">Search & Statistics</a>
|
|
</p>
|
|
<p>
|
|
<a href="/vuln/categories">Weakness Types</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/vuln/data-feeds">Legacy Data Feeds</a>
|
|
</p>
|
|
<p>
|
|
<a href="/vuln/vendor-comments">Vendor Comments</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/vuln/cvmap">CVMAP</a>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div></li>
|
|
<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
|
|
class="expander fa fa-plus" id="nvd-header-menu-metrics"
|
|
data-expander-name="metrics" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="metrics">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
|
|
Calculators</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
|
|
Calculators</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
|
|
Calculator</a>
|
|
</p>
|
|
|
|
</div>
|
|
</div>
|
|
</div></li>
|
|
<li><a href="/products"> Products <span
|
|
class="expander fa fa-plus" id="nvd-header-menu-products"
|
|
data-expander-name="products" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="products">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/products/cpe">CPE Dictionary</a>
|
|
</p>
|
|
<p>
|
|
<a href="/products/cpe/search">CPE Search</a>
|
|
</p>
|
|
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/products/cpe/statistics">CPE Statistics</a>
|
|
</p>
|
|
<p>
|
|
<a href="/products/swid">SWID</a>
|
|
</p>
|
|
|
|
</div>
|
|
<div class="col-lg-4"></div>
|
|
</div>
|
|
</div></li>
|
|
<li>
|
|
<a href="/developers">Developers<span
|
|
class="expander fa fa-plus" id="nvd-header-menu-developers"
|
|
data-expander-name="developers" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="developers">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/developers/start-here">Start Here</a>
|
|
</p>
|
|
<p>
|
|
<a href="/developers/request-an-api-key">Request an API Key</a>
|
|
</p>
|
|
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/developers/vulnerabilities">Vulnerabilities</a>
|
|
</p>
|
|
<p>
|
|
<a href="/developers/products">Products</a>
|
|
</p>
|
|
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/developers/data-sources">Data Sources</a>
|
|
</p>
|
|
<p>
|
|
<a href="/developers/terms-of-use">Terms of Use</a>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</li>
|
|
<li><a href="/contact"> Contact NVD </a></li>
|
|
<li><a href="/other"> Other Sites <span
|
|
class="expander fa fa-plus" id="nvd-header-menu-othersites"
|
|
data-expander-name="otherSites" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="otherSites">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="https://ncp.nist.gov">Checklist (NCP) Repository</a>
|
|
</p>
|
|
<p>
|
|
<a href="https://ncp.nist.gov/cce">Configurations (CCE)</a>
|
|
</p>
|
|
<p>
|
|
<a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a
|
|
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
|
|
Validated Tools</a>
|
|
</p>
|
|
<p>
|
|
<a
|
|
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a
|
|
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div></li>
|
|
|
|
<li><a href="/search"> Search <span
|
|
class="expander fa fa-plus" id="nvd-header-menu-search"
|
|
data-expander-name="search" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="search">
|
|
<div class="row">
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/vuln/search">Vulnerability Search</a>
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-4">
|
|
<p>
|
|
<a href="/products/cpe/search">CPE Search</a>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div></li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</div>
|
|
<!-- /#mobile-nav-container -->
|
|
</div>
|
|
|
|
</nav>
|
|
<section id="itl-header" class="has-menu">
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col-sm-12 col-md-8">
|
|
<h2 class="hidden-xs hidden-sm">
|
|
<a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a>
|
|
</h2>
|
|
<h1 class="hidden-xs hidden-sm">
|
|
<a id="nvd-header-link"
|
|
href="/">National Vulnerability Database</a>
|
|
</h1>
|
|
<h1 class="hidden-xs text-center hidden-md hidden-lg"
|
|
>National Vulnerability Database</h1>
|
|
<h1 class="hidden-sm hidden-md hidden-lg text-center"
|
|
>NVD</h1>
|
|
|
|
</div>
|
|
<div class="col-sm-12 col-md-4">
|
|
<a style="width: 100%; text-align: center; display: block;padding-top: 14px">
|
|
<img id="img-logo-nvd-lg"
|
|
alt="National Vulnerability Database"
|
|
src="/site-media/images/F_NIST-Logo-NVD-white.svg"
|
|
width="500" height="100">
|
|
</a>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</section>
|
|
|
|
|
|
</div>
|
|
</div>
|
|
</header>
|
|
<main>
|
|
<div>
|
|
<div id="body-section" class="container">
|
|
|
|
<div>
|
|
|
|
<div class="row">
|
|
<nav title="Side Menu" role="navigation" class="col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs">
|
|
<ul class="side-nav">
|
|
<li><a href="/general">General<span
|
|
class="expander fa fa-plus" id="nvd-side-menu-general"
|
|
data-expander-name="generalSide" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="generalSide">
|
|
<ul>
|
|
<li><a href="/general/nvd-dashboard">NVD Dashboard</a></li>
|
|
<li><a href="https://www.nist.gov/itl/nvd">News and Status Updates</a></li>
|
|
<li><a href="/general/faq">FAQ</a></li>
|
|
<li><a href="/general/visualizations">Visualizations</a></li>
|
|
<li><a href="/general/legal-disclaimer">Legal Disclaimer</a></li>
|
|
</ul>
|
|
</div></li>
|
|
<li><a href="/vuln"> Vulnerabilities <span
|
|
class="expander fa fa-plus"
|
|
id="nvd-side-menu-vulnerabilities"
|
|
data-expander-name="vulnerabilitiesSide" data-expanded="false">
|
|
<span class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="vulnerabilitiesSide">
|
|
<ul>
|
|
<li><a href="/vuln/search">Search & Statistics</a></li>
|
|
<li><a href="/vuln/categories">Weakness Types</a></li>
|
|
<li><a href="/vuln/data-feeds">Legacy Data Feeds</a></li>
|
|
<li><a href="/vuln/vendor-comments">Vendor Comments</a></li>
|
|
<li><a href="/vuln/cvmap">CVMAP</a></li>
|
|
</ul>
|
|
</div></li>
|
|
<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
|
|
class="expander fa fa-plus" id="nvd-side-menu-metrics"
|
|
data-expander-name="metricsSide" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="metricsSide">
|
|
<ul>
|
|
<li><a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
|
|
Calculator</a></li>
|
|
<li><a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
|
|
Calculators</a></li>
|
|
<li><a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
|
|
Calculator</a></li>
|
|
</ul>
|
|
</div></li>
|
|
<li><a href="/products"> Products <span
|
|
class="expander fa fa-plus" id="nvd-side-menu-products"
|
|
data-expander-name="productsSide" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="productsSide">
|
|
<ul>
|
|
<li><a href="/products/cpe">CPE Dictionary</a></li>
|
|
<li><a href="/products/cpe/search">CPE Search</a></li>
|
|
<li><a href="/products/cpe/statistics">CPE Statistics</a></li>
|
|
<li><a href="/products/swid">SWID</a></li>
|
|
</ul>
|
|
</div></li>
|
|
<li>
|
|
<a href="/developers">Developers<span
|
|
class="expander fa fa-plus" id="nvd-side-menu-developers"
|
|
data-expander-name="developersSide" data-expanded="false">
|
|
<span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="developersSide">
|
|
<ul>
|
|
<li><a href="/developers/start-here">Start Here</a></li>
|
|
<li><a href="/developers/request-an-api-key">Request an API Key</a></li>
|
|
<li><a href="/developers/vulnerabilities">Vulnerabilities</a></li>
|
|
<li><a href="/developers/products">Products</a></li>
|
|
<li><a href="/developers/data-sources">Data Sources</a></li>
|
|
<li><a href="/developers/terms-of-use">Terms of Use</a></li>
|
|
</ul>
|
|
</div>
|
|
</li>
|
|
<li><a href="/contact"> Contact NVD </a></li>
|
|
<li><a href="/other"> Other Sites <span
|
|
class="expander fa fa-plus" id="nvd-side-menu-othersites"
|
|
data-expander-name="otherSitesSide" data-expanded="false">
|
|
<span class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="otherSitesSide">
|
|
<ul>
|
|
<li><a href="https://ncp.nist.gov">Checklist (NCP)
|
|
Repository</a></li>
|
|
<li><a href="https://ncp.nist.gov/cce">Configurations (CCE)</a></li>
|
|
<li><a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a></li>
|
|
<li><a
|
|
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
|
|
Validated Tools</a></li>
|
|
<li><a
|
|
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a></li>
|
|
<li><a
|
|
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a></li>
|
|
</ul>
|
|
</div></li>
|
|
<li><a href="/search"> Search <span
|
|
class="expander fa fa-plus" id="nvd-side-menu-search"
|
|
data-expander-name="searchSide" data-expanded="false"> <span
|
|
class="element-invisible">Expand or Collapse</span>
|
|
</span>
|
|
</a>
|
|
<div style="display: none;" class="sub-menu"
|
|
data-expander-trigger="searchSide">
|
|
<ul>
|
|
<li><a href="/vuln/search">Vulnerability Search</a></li>
|
|
<li><a href="/products/cpe/search">CPE Search</a></li>
|
|
</ul>
|
|
</div></li>
|
|
</ul>
|
|
</nav>
|
|
<div id="page-content" class="col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12">
|
|
|
|
<div class="col-md-4" style="padding:0px;">
|
|
<div class="text-center">
|
|
<span class="carousel-title">
|
|
<a href="https://www.nist.gov/itl/nvd">
|
|
<img alt="Icon for New NVD Communications and Status Updates Page"
|
|
src="/site-media/images/LandingPage/readAllAboutIt800x632.png"
|
|
style="width: 300px; height: 237px;"
|
|
title="New NVD Communications and Status Updates Page">
|
|
<br/>
|
|
<strong>New Communications Page</strong>
|
|
</a>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="col-md-4" style="padding:0px;">
|
|
<div class="text-center">
|
|
<span class="carousel-title">
|
|
<a href="/general/news/cvss-v4-0-official-support">
|
|
<img alt="The NVD now supports CVSS version 4.0!"
|
|
src="/site-media/images/LandingPage/cvssV4_0Logo.png"
|
|
style="width: 300px; height: 237px;"
|
|
title="The NVD now supports CVSS version 4.0!">
|
|
<br/>
|
|
<strong>CVSS v4.0 Support</strong>
|
|
</a>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="row">
|
|
<div class="col-md-4" style="padding:0px;">
|
|
<div class="text-center">
|
|
<span class="carousel-title">
|
|
<a href="/general/news/api-20-announcements">
|
|
<img alt="The letters N V D typed out in binary"
|
|
src="/site-media/images/LandingPage/apiGuidance800x632.png"
|
|
style="width: 300px; height: 237px;"
|
|
title="Whats new in API two">
|
|
<br/>
|
|
<strong>2.0 APIs</strong>
|
|
</a>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
<br/> <span>The NVD is the U.S. government repository
|
|
of standards based vulnerability management data represented using
|
|
the Security Content Automation Protocol (SCAP). This data enables
|
|
automation of vulnerability management, security measurement, and
|
|
compliance. The NVD includes databases of security checklist
|
|
references, security-related software flaws, product names, and
|
|
impact metrics.</span> <br/> <br/>
|
|
|
|
<span>For information on how to cite the NVD, including the
|
|
database's Digital Object Identifier (DOI), please consult <a href="https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436">
|
|
NIST's Public Data Repository</a>.</span>
|
|
|
|
<br/> <br/>
|
|
<div id="legal-disclaimer">
|
|
<h4>Legal Disclaimer:</h4>
|
|
<p>
|
|
Here is where you can read the NVD <a href="general/legal-disclaimer">legal disclaimer</a>.
|
|
</p>
|
|
</div>
|
|
|
|
<div>
|
|
<div class="row">
|
|
<div class="col-md-12 col-sm-12">
|
|
|
|
<div id="vulnResultsPanel">
|
|
|
|
<!-- Results Panel -->
|
|
<div id="latestVulnsArea">
|
|
|
|
<div id="latestVulnsTitleRow" class="row">
|
|
<span class="hidden-md col-lg-9"> <strong class="h4Size">Last
|
|
20 Scored Vulnerability IDs & Summaries</strong>
|
|
</span> <span class="hidden-md col-lg-3"> <strong class="h4Size">CVSS
|
|
Severity </strong>
|
|
</span>
|
|
</div>
|
|
<ul id="latestVulns">
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-52585"
|
|
id="cveDetailAnchor-0">CVE-2023-52585</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
|
|
|
|
Return invalid error code -EINVAL for invalid block id.
|
|
|
|
Fixes the below:
|
|
|
|
drivers/gpu/drm/am...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2023-52585#vulnDescriptionTitle">read CVE-2023-52585</a><br> <strong>Published:</strong>
|
|
March 06, 2024; 2:15:07 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-0">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-52591"
|
|
id="cveDetailAnchor-1">CVE-2023-52591</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
reiserfs: Avoid touching renamed directory if parent does not change
|
|
|
|
The VFS will not be locking moved directory if its parent does not
|
|
change. Change reiserfs rename code to av...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2023-52591#vulnDescriptionTitle">read CVE-2023-52591</a><br> <strong>Published:</strong>
|
|
March 06, 2024; 2:15:08 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-1">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-52597"
|
|
id="cveDetailAnchor-2">CVE-2023-52597</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
KVM: s390: fix setting of fpc register
|
|
|
|
kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control
|
|
(fpc) register of a guest cpu. The new value is tested for validity...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2023-52597#vulnDescriptionTitle">read CVE-2023-52597</a><br> <strong>Published:</strong>
|
|
March 06, 2024; 2:15:09 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-2">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-52601"
|
|
id="cveDetailAnchor-3">CVE-2023-52601</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
jfs: fix array-index-out-of-bounds in dbAdjTree
|
|
|
|
Currently there is a bound check missing in the dbAdjTree while
|
|
accessing the dmt_stree. To add the required check added the bool...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2023-52601#vulnDescriptionTitle">read CVE-2023-52601</a><br> <strong>Published:</strong>
|
|
March 06, 2024; 2:15:10 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-3">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-52602"
|
|
id="cveDetailAnchor-4">CVE-2023-52602</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
jfs: fix slab-out-of-bounds Read in dtSearch
|
|
|
|
Currently while searching for current page in the sorted entry table
|
|
of the page there is a out of bound access. Added a bound check...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2023-52602#vulnDescriptionTitle">read CVE-2023-52602</a><br> <strong>Published:</strong>
|
|
March 06, 2024; 2:15:10 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-4">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-52607"
|
|
id="cveDetailAnchor-5">CVE-2023-52607</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
|
|
|
|
kasprintf() returns a pointer to dynamically allocated memory
|
|
which can be NULL upon failure. Ensure the allocation...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2023-52607#vulnDescriptionTitle">read CVE-2023-52607</a><br> <strong>Published:</strong>
|
|
March 06, 2024; 2:15:11 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-5">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2024-26627"
|
|
id="cveDetailAnchor-6">CVE-2024-26627</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
|
|
|
|
Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host
|
|
lock every time for deciding ...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2024-26627#vulnDescriptionTitle">read CVE-2024-26627</a><br> <strong>Published:</strong>
|
|
March 06, 2024; 2:15:12 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-6">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2021-46978"
|
|
id="cveDetailAnchor-7">CVE-2021-46978</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
KVM: nVMX: Always make an attempt to map eVMCS after migration
|
|
|
|
When enlightened VMCS is in use and nested state is migrated with
|
|
vmx_get_nested_state()/vmx_set_nested_state() KV...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2021-46978#vulnDescriptionTitle">read CVE-2021-46978</a><br> <strong>Published:</strong>
|
|
February 28, 2024; 4:15:37 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-7">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2021-46973"
|
|
id="cveDetailAnchor-8">CVE-2021-46973</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
net: qrtr: Avoid potential use after free in MHI send
|
|
|
|
It is possible that the MHI ul_callback will be invoked immediately
|
|
following the queueing of the skb for transmission, lea...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2021-46973#vulnDescriptionTitle">read CVE-2021-46973</a><br> <strong>Published:</strong>
|
|
February 27, 2024; 2:04:07 PM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-8">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2021-46957"
|
|
id="cveDetailAnchor-9">CVE-2021-46957</a></strong> - In the Linux kernel, the following vulnerability has been resolved:
|
|
|
|
riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe
|
|
|
|
The execution of sys_read end up hitting a BUG_ON() in __find_get_block
|
|
after installing kprobe at sys_rea...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2021-46957#vulnDescriptionTitle">read CVE-2021-46957</a><br> <strong>Published:</strong>
|
|
February 27, 2024; 2:04:06 PM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-9">
|
|
|
|
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2020-16304"
|
|
id="cveDetailAnchor-10">CVE-2020-16304</a></strong> - A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
|
|
|
|
<br> <strong>Published:</strong>
|
|
August 12, 2020; 11:15:14 PM -0400
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-10">
|
|
|
|
<span id="cvss3-link-10"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2020-16304&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1&source=NIST"
|
|
class="label label-warning" data-testid="vuln-cvss3-link-10" aria-label="V3 score for CVE-2020-16304">5.5 MEDIUM</a><br />
|
|
</span> <span id="cvss2-link-10"> <em> V2.0:</em> <a
|
|
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2020-16304&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)&version=2.0&source=NIST"
|
|
class="label label-warning" data-testid="vuln-cvss2-link-10" aria-label="V2 score for CVE-2020-16304">4.3 MEDIUM</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2020-16297"
|
|
id="cveDetailAnchor-11">CVE-2020-16297</a></strong> - A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
|
|
|
|
<br> <strong>Published:</strong>
|
|
August 12, 2020; 11:15:13 PM -0400
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-11">
|
|
|
|
<span id="cvss3-link-11"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2020-16297&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1&source=NIST"
|
|
class="label label-warning" data-testid="vuln-cvss3-link-11" aria-label="V3 score for CVE-2020-16297">5.5 MEDIUM</a><br />
|
|
</span> <span id="cvss2-link-11"> <em> V2.0:</em> <a
|
|
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2020-16297&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)&version=2.0&source=NIST"
|
|
class="label label-warning" data-testid="vuln-cvss2-link-11" aria-label="V2 score for CVE-2020-16297">4.3 MEDIUM</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-36274"
|
|
id="cveDetailAnchor-12">CVE-2023-36274</a></strong> - LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
|
|
|
|
<br> <strong>Published:</strong>
|
|
June 23, 2023; 11:15:10 AM -0400
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-12">
|
|
|
|
<span id="cvss3-link-12"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-36274&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss3-link-12" aria-label="V3 score for CVE-2023-36274">8.8 HIGH</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-36271"
|
|
id="cveDetailAnchor-13">CVE-2023-36271</a></strong> - LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
|
|
|
|
<br> <strong>Published:</strong>
|
|
June 23, 2023; 11:15:10 AM -0400
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-13">
|
|
|
|
<span id="cvss3-link-13"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-36271&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss3-link-13" aria-label="V3 score for CVE-2023-36271">8.8 HIGH</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2023-36272"
|
|
id="cveDetailAnchor-14">CVE-2023-36272</a></strong> - LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
|
|
|
|
<br> <strong>Published:</strong>
|
|
June 23, 2023; 11:15:10 AM -0400
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-14">
|
|
|
|
<span id="cvss3-link-14"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2023-36272&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss3-link-14" aria-label="V3 score for CVE-2023-36272">8.8 HIGH</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2019-8394"
|
|
id="cveDetailAnchor-15">CVE-2019-8394</a></strong> - Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
|
|
|
|
<br> <strong>Published:</strong>
|
|
February 16, 2019; 11:29:00 PM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-15">
|
|
|
|
<span id="cvss3-link-15"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2019-8394&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N&version=3.1&source=NIST"
|
|
class="label label-warning" data-testid="vuln-cvss3-link-15" aria-label="V3 score for CVE-2019-8394">6.5 MEDIUM</a><br />
|
|
</span> <span id="cvss2-link-15"> <em> V2.0:</em> <a
|
|
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2019-8394&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N)&version=2.0&source=NIST"
|
|
class="label label-warning" data-testid="vuln-cvss2-link-15" aria-label="V2 score for CVE-2019-8394">4.0 MEDIUM</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2018-20753"
|
|
id="cveDetailAnchor-16">CVE-2018-20753</a></strong> - Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the ...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2018-20753#vulnDescriptionTitle">read CVE-2018-20753</a><br> <strong>Published:</strong>
|
|
February 05, 2019; 1:29:00 AM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-16">
|
|
|
|
<span id="cvss3-link-16"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-20753&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST"
|
|
class="label label-critical" data-testid="vuln-cvss3-link-16" aria-label="V3 score for CVE-2018-20753">9.8 CRITICAL</a><br />
|
|
</span> <span id="cvss2-link-16"> <em> V2.0:</em> <a
|
|
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2018-20753&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)&version=2.0&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss2-link-16" aria-label="V2 score for CVE-2018-20753">7.5 HIGH</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2018-19323"
|
|
id="cveDetailAnchor-17">CVE-2018-19323</a></strong> - The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
|
|
|
|
<br> <strong>Published:</strong>
|
|
December 21, 2018; 6:29:00 PM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-17">
|
|
|
|
<span id="cvss3-link-17"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-19323&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST"
|
|
class="label label-critical" data-testid="vuln-cvss3-link-17" aria-label="V3 score for CVE-2018-19323">9.8 CRITICAL</a><br />
|
|
</span> <span id="cvss2-link-17"> <em> V2.0:</em> <a
|
|
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2018-19323&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:C)&version=2.0&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss2-link-17" aria-label="V2 score for CVE-2018-19323">9.0 HIGH</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2018-19322"
|
|
id="cveDetailAnchor-18">CVE-2018-19322</a></strong> - The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be l...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2018-19322#vulnDescriptionTitle">read CVE-2018-19322</a><br> <strong>Published:</strong>
|
|
December 21, 2018; 6:29:00 PM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-18">
|
|
|
|
<span id="cvss3-link-18"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-19322&vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss3-link-18" aria-label="V3 score for CVE-2018-19322">7.8 HIGH</a><br />
|
|
</span> <span id="cvss2-link-18"> <em> V2.0:</em> <a
|
|
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2018-19322&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)&version=2.0&source=NIST"
|
|
class="label label-warning" data-testid="vuln-cvss2-link-18" aria-label="V2 score for CVE-2018-19322">4.6 MEDIUM</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
|
|
<li>
|
|
<div class="col-lg-9">
|
|
<p>
|
|
<strong><a href="/vuln/detail/CVE-2018-19321"
|
|
id="cveDetailAnchor-19">CVE-2018-19321</a></strong> - The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This co...
|
|
|
|
<a
|
|
href="/vuln/detail/CVE-2018-19321#vulnDescriptionTitle">read CVE-2018-19321</a><br> <strong>Published:</strong>
|
|
December 21, 2018; 6:29:00 PM -0500
|
|
</p>
|
|
</div>
|
|
<div class="col-lg-3">
|
|
<p id="severity-score-19">
|
|
|
|
<span id="cvss3-link-19"> <em>V3.1:</em> <a
|
|
href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-19321&vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss3-link-19" aria-label="V3 score for CVE-2018-19321">7.8 HIGH</a><br />
|
|
</span> <span id="cvss2-link-19"> <em> V2.0:</em> <a
|
|
href="/vuln-metrics/cvss/v2-calculator?name=CVE-2018-19321&vector=(AV:L/AC:L/Au:N/C:C/I:C/A:C)&version=2.0&source=NIST"
|
|
class="label label-danger" data-testid="vuln-cvss2-link-19" aria-label="V2 score for CVE-2018-19321">7.2 HIGH</a><br />
|
|
</span>
|
|
</p>
|
|
</div>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="col-md-12 historical-data-area" id="historical-data-area">
|
|
<span>
|
|
Created
|
|
<span id="page-created-date">
|
|
|
|
<span>September 20, 2022</span>
|
|
|
|
|
|
|
|
</span>,
|
|
</span>
|
|
Updated
|
|
<span id="page-updated-date">
|
|
|
|
<span>August 27, 2024</span>
|
|
|
|
|
|
|
|
</span>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</main>
|
|
<footer id="footer" role="contentinfo">
|
|
<div class="container">
|
|
|
|
<div class="row">
|
|
<div class="col-sm-12">
|
|
<ul class="social-list pull-right">
|
|
<li class="field-item service-twitter list-horiz"><a
|
|
href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer"
|
|
class="social-btn social-btn--large extlink ext"> <i
|
|
class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span
|
|
class="ext"><span class="element-invisible"> (link
|
|
is external)</span></span>
|
|
</a></li>
|
|
<li class="field-item service-facebook list-horiz"><a
|
|
href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer"
|
|
class="social-btn social-btn--large extlink ext"> <i
|
|
class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span
|
|
class="ext"><span class="element-invisible"> (link
|
|
is external)</span></span></a></li>
|
|
<li class="field-item service-linkedin list-horiz"><a
|
|
href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer"
|
|
class="social-btn social-btn--large extlink ext"> <i
|
|
class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span
|
|
class="ext"><span class="element-invisible"> (link
|
|
is external)</span></span></a></li>
|
|
<li class="field-item service-youtube list-horiz"><a
|
|
href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer"
|
|
class="social-btn social-btn--large extlink ext"> <i
|
|
class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span
|
|
class="ext"><span class="element-invisible"> (link
|
|
is external)</span></span></a></li>
|
|
<li class="field-item service-rss list-horiz"><a
|
|
href="https://www.nist.gov/news-events/nist-rss-feeds"
|
|
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink">
|
|
<i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i>
|
|
</a></li>
|
|
<li class="field-item service-govdelivery list-horiz last"><a
|
|
href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3"
|
|
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext">
|
|
<i class="fa fa-envelope fa-fw"><span
|
|
class="element-invisible">govdelivery</span></i><span class="ext"><span
|
|
class="element-invisible"> (link is external)</span></span>
|
|
</a></li>
|
|
</ul>
|
|
<span class="hidden-xs"> <a
|
|
title="National Institute of Standards and Technology" rel="home"
|
|
class="footer-nist-logo"> <img
|
|
src="/site-media/images/nist/nist-logo.png"
|
|
alt="National Institute of Standards and Technology logo" />
|
|
</a>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
<div class="row hidden-sm hidden-md hidden-lg">
|
|
<div class="col-sm-12">
|
|
<a href="https://www.nist.gov"
|
|
title="National Institute of Standards and Technology" rel="home"
|
|
target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img
|
|
src="/site-media/images/nist/nist-logo.png"
|
|
alt="National Institute of Standards and Technology logo" />
|
|
</a>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="row footer-contact-container">
|
|
<div class="col-sm-6">
|
|
<strong>HEADQUARTERS</strong>
|
|
<br>
|
|
100 Bureau Drive
|
|
<br>
|
|
Gaithersburg, MD 20899
|
|
<br>
|
|
<a href="tel:301-975-2000">(301) 975-2000</a>
|
|
<br>
|
|
<br>
|
|
<a href="mailto:nvd@nist.gov">Webmaster</a> | <a
|
|
href="https://www.nist.gov/about-nist/contact-us">Contact Us</a>
|
|
| <a href="https://www.nist.gov/about-nist/visit"
|
|
style="display: inline-block;">Our Other Offices</a>
|
|
</div>
|
|
<div class="col-sm-6">
|
|
<div class="pull-right"
|
|
style="text-align:right">
|
|
<strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong>
|
|
<br>
|
|
US-CERT Security Operations Center
|
|
<br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a>
|
|
<br> Phone: 1-888-282-0870
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="row">
|
|
<nav title="Footer Navigation" role="navigation"
|
|
class="row footer-bottom-links-container">
|
|
<!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html -->
|
|
<p>
|
|
<a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a>
|
|
|
|
|
<a href="https://www.nist.gov/oism/accessibility">Accessibility</a>
|
|
|
|
|
<a href="https://www.nist.gov/privacy">Privacy Program</a>
|
|
|
|
|
<a href="https://www.nist.gov/oism/copyrights">Copyrights</a>
|
|
|
|
|
<a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a>
|
|
|
|
|
<a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a>
|
|
|
|
|
<a href="https://www.nist.gov/foia">FOIA</a>
|
|
|
|
|
<a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a>
|
|
|
|
|
<a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a>
|
|
|
|
|
<a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a>
|
|
|
|
|
<a href="https://www.commerce.gov/">Commerce.gov</a>
|
|
|
|
|
<a href="https://www.science.gov/">Science.gov</a>
|
|
|
|
|
<a href="https://www.usa.gov/">USA.gov</a>
|
|
</p>
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</footer>
|
|
</body>
|
|
</html> |