NVD

NOTICE UPDATED - April, 25th 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.

New 2.0 APIs

Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2008-6662 - AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via a malformed UPX compressed file, which triggers memory corruption.
Published: April 07, 2009; 7:30:00 PM -0400

V2.0: 4.3 MEDIUM
CVE-2008-6661 - Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed (1) NeoLite and (2) ASProtect packed PE f... read CVE-2008-6661
Published: April 07, 2009; 7:30:00 PM -0400

V2.0: 5.0 MEDIUM
CVE-2009-0849 - Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2... read CVE-2009-0849
Published: March 09, 2009; 1:30:00 PM -0400

V2.0: 7.5 HIGH
CVE-2009-0521 - Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.
Published: February 26, 2009; 11:17:19 AM -0500

V2.0: 4.6 MEDIUM
CVE-2023-52355 - An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 3... read CVE-2023-52355
Published: January 25, 2024; 3:15:38 PM -0500

V3.1: 7.5 HIGH
CVE-2009-0601 - Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
Published: February 16, 2009; 3:30:03 PM -0500

V2.0: 2.1 LOW
CVE-2010-3640 - Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corrup... read CVE-2010-3640
Published: November 07, 2010; 5:00:02 PM -0500

V2.0: 9.3 HIGH
CVE-2010-3636 - Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remot... read CVE-2010-3636
Published: November 07, 2010; 5:00:01 PM -0500

V2.0: 9.3 HIGH
CVE-2010-3639 - Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via u... read CVE-2010-3639
Published: November 07, 2010; 5:00:01 PM -0500

V2.0: 9.3 HIGH
CVE-2010-2594 - Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Sn... read CVE-2010-2594
Published: July 02, 2010; 8:43:52 AM -0400

V2.0: 6.8 MEDIUM
CVE-2010-1556 - Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors.
Published: May 14, 2010; 4:30:01 PM -0400

V2.0: 6.4 MEDIUM
CVE-2009-3733 - Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Published: November 02, 2009; 10:30:00 AM -0500

V2.0: 5.0 MEDIUM
CVE-2009-3692 - Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
Published: October 13, 2009; 6:30:00 AM -0400

V2.0: 7.2 HIGH
CVE-2009-3588 - Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 ... read CVE-2009-3588
Published: October 13, 2009; 6:30:00 AM -0400

V2.0: 4.3 MEDIUM
CVE-2009-3587 - Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 ... read CVE-2009-3587
Published: October 13, 2009; 6:30:00 AM -0400

V2.0: 9.3 HIGH
CVE-2009-1493 - The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that tri... read CVE-2009-1493
Published: April 30, 2009; 4:30:00 PM -0400

V2.0: 6.8 MEDIUM
CVE-2010-3650 - Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corrup... read CVE-2010-3650
Published: November 07, 2010; 5:00:02 PM -0500

V2.0: 9.3 HIGH
CVE-2010-3649 - Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corrup... read CVE-2010-3649
Published: November 07, 2010; 5:00:02 PM -0500

V2.0: 9.3 HIGH
CVE-2010-3648 - Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corrup... read CVE-2010-3648
Published: November 07, 2010; 5:00:02 PM -0500

V2.0: 9.3 HIGH
CVE-2010-3647 - Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corrup... read CVE-2010-3647
Published: November 07, 2010; 5:00:02 PM -0500

V2.0: 9.3 HIGH

Created September 20, 2022 , Updated April 25, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: