NVD - Home

<!DOCTYPE html> <html lang="en"> <head><script type="text/javascript" src="https://web-static.archive.org/_static/js/bundle-playback.js?v=7YQSqjSh" charset="utf-8"></script> <script type="text/javascript" src="https://web-static.archive.org/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="https://web-static.archive.org/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("http://nvd.nist.gov/","20230329030701","https://web.archive.org/","web","https://web-static.archive.org/_static/", "1680059221"); </script> <link rel="stylesheet" type="text/css" href="https://web-static.archive.org/_static/css/banner-styles.css?v=p7PEIJWi" /> <link rel="stylesheet" type="text/css" href="https://web-static.archive.org/_static/css/iconochive.css?v=3PDvdIFv" />  <title>NVD - Home</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <meta http-equiv="content-style-type" content="text/css"/> <meta http-equiv="content-script-type" content="text/javascript"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-scripts/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-media/bootstrap/css/bootstrap.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-media/bootstrap/css/bootstrap-theme.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-media/css/nist-fonts.css" type="text/css" rel="stylesheet"/> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-media/css/base-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-media/css/media-resize.css" type="text/css" rel="stylesheet"/> <meta name="theme-color" content="#000000"> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-scripts/jquery/dist/jquery.min.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-scripts/jquery-visible/jquery.visible.min.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-scripts/underscore/underscore-min.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-media/bootstrap/js/bootstrap.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-scripts/moment/min/moment.min.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-media/js/megamenu.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-media/js/nist-exit-script.js" type="text/javascript"></script> <script src="/web/20230329030701js_/http://nvd.nist.gov/site-media/js/forms.js" type="text/javascript"></script>  <script src="/web/20230329030701js_/http://nvd.nist.gov/site-media/js/federated-analytics.all.min.js?agency=NIST&subagency=nvd&pua=UA-37115410-41&yt=true" type="text/javascript" id="_fed_an_js_tag"></script> <style id="antiClickjack"> body>* { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body>* { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <meta charset="UTF-8"> <link href="/web/20230329030701cs_/http://nvd.nist.gov/site-media/css/nvd-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/favicons/apple-touch-icon.png" rel="apple-touch-icon" type="image/png" sizes="180x180"/> <link href="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/favicons/favicon-32x32.png" rel="icon" type="image/png" sizes="32x32"/> <link href="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/favicons/favicon-16x16.png" rel="icon" type="image/png" sizes="16x16"/> <link href="/web/20230329030701/http://nvd.nist.gov/site-media/images/favicons/manifest.json" rel="manifest"/> <link href="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/favicons/safari-pinned-tab.svg" rel="mask-icon" color="#000000"/> <link href="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon"/> <meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml"/> <link href="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon" type="image/x-icon"/> <link href="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="icon" type="image/x-icon"/> <meta charset="UTF-8"> <meta charset="UTF-8"> </head> <body> <header role="banner" title="Site Banner"> <div id="antiClickjack" style="display: none"> <h1>You are viewing this page in an unauthorized frame window.</h1> <p> This is a potential security issue, you are being redirected to <a href="https://web.archive.org/web/20230329030701/https://nvd.nist.gov/">https://nvd.nist.gov</a> </p> </div> <div> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion container"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <img class="usa-banner__header-flag" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">   <span class="usa-banner__header-text">An official website of the United States government</span> <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here's how you know</span> </button> </header> <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true"> <div class="row"> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> </div> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/usbanner/icon-https.svg" alt="Https"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<img class="usa-banner__lock" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> </section> </div> <div> <div> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row">  <div class="col-xs-6 col-md-4 navbar-header" style="height:104px"> <a class="navbar-brand" href="https://web.archive.org/web/20230329030701/https://www.nist.gov/" target="_blank" id="navbar-brand-image" style="padding-top: 36px"> <img alt="National Institute of Standards and Technology" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/nist/nist-logo.svg" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span class="hidden-xxs">NVD </span>MENU</span> </a> </span> </div> </div> </div> <div class="main-menu-row container">  <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/web/20230329030701/http://nvd.nist.gov/general"> General <span class="expander fa fa-plus" id="nvd-header-menu-general" data-expander-name="general" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="general"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/general/nvd-dashboard">NVD Dashboard</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/general/news">News</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/general/email-list">Email List</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/general/faq">FAQ</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/general/visualizations">Visualizations</a> </p> </div> </div> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-header-menu-vulnerabilities" data-expander-name="vulnerabilities" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilities"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln/search">Search & Statistics</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln/full-listing">Full Listing</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln/categories">Weakness Types</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln/data-feeds">Legacy Data Feeds</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln/vendor-comments">Vendor Comments</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln/cvmap">CVMAP</a> </p> </div> </div> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-header-menu-metrics" data-expander-name="metrics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metrics"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">CVSS V3 Calculator</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">CVSS V2 Calculator</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/products"> Products <span class="expander fa fa-plus" id="nvd-header-menu-products" data-expander-name="products" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="products"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/products/cpe">CPE Dictionary</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/products/cpe/statistics">CPE Statistics</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/products/swid">SWID</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li> <a href="/web/20230329030701/http://nvd.nist.gov/developers">Developers<span class="expander fa fa-plus" id="nvd-header-menu-developers" data-expander-name="developers" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developers"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/developers/start-here">Start Here</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/developers/request-an-api-key">Request an API Key</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/developers/vulnerabilities">Vulnerabilities</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/developers/products">Products</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/developers/data-sources">Data Sources</a> </p> <p> <a href="/web/20230329030701/http://nvd.nist.gov/developers/terms-of-use">Terms of Use</a> </p> </div> </div> </div> </li> <li><a href="/web/20230329030701/http://nvd.nist.gov/info"> Contact NVD </a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/other"> Other Sites <span class="expander fa fa-plus" id="nvd-header-menu-othersites" data-expander-name="otherSites" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSites"> <div class="row"> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20230329030701/https://ncp.nist.gov/">Checklist (NCP) Repository</a> </p> <p> <a href="https://web.archive.org/web/20230329030701/https://ncp.nist.gov/cce">Configurations (CCE)</a> </p> <p> <a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a> </p> <p> <a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a> </p> </div> </div> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/search"> Search <span class="expander fa fa-plus" id="nvd-header-menu-search" data-expander-name="search" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="search"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/vuln/search">Vulnerability Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230329030701/http://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> </div> </div></li> </ul> </div>  </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <h2 class="hidden-xs hidden-sm"> <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/itl" target="_blank">Information Technology Laboratory</a> </h2> <h1 class="hidden-xs hidden-sm"> <a id="nvd-header-link" href="/web/20230329030701/http://nvd.nist.gov/">National Vulnerability Database</a> </h1> <h1 class="hidden-xs text-center hidden-md hidden-lg">National Vulnerability Database</h1> <h1 class="hidden-sm hidden-md hidden-lg text-center">NVD</h1> </div> <div class="col-sm-12 col-md-4"> <a style="width: 100%; text-align: center; display: block;padding-top: 14px"> <img id="img-logo-nvd-lg" alt="National Vulnerability Database" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/F_NIST-Logo-NVD-white.svg" width="500" height="100"> </a> </div> </div> </div> </section> </div> </div> </header> <main> <div> <div id="body-section" class="container"> <div> <div class="row"> <nav title="Side Menu" role="navigation" class="col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs"> <ul class="side-nav"> <li><a href="/web/20230329030701/http://nvd.nist.gov/general">General<span class="expander fa fa-plus" id="nvd-side-menu-general" data-expander-name="generalSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="generalSide"> <ul> <li><a href="/web/20230329030701/http://nvd.nist.gov/general/nvd-dashboard">NVD Dashboard</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/general/news">News</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/general/email-list">Email List</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/general/faq">FAQ</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/general/visualizations">Visualizations</a></li> </ul> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-side-menu-vulnerabilities" data-expander-name="vulnerabilitiesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilitiesSide"> <ul> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln/search">Search & Statistics</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln/full-listing">Full Listing</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln/categories">Weakness Types</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln/data-feeds">Legacy Data Feeds</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln/vendor-comments">Vendor Comments</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln/cvmap">CVMAP</a></li> </ul> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-side-menu-metrics" data-expander-name="metricsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metricsSide"> <ul> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">CVSS V3 Calculator</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">CVSS V2 Calculator</a></li> </ul> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/products"> Products <span class="expander fa fa-plus" id="nvd-side-menu-products" data-expander-name="productsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="productsSide"> <ul> <li><a href="/web/20230329030701/http://nvd.nist.gov/products/cpe">CPE Dictionary</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/products/cpe/search">CPE Search</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/products/cpe/statistics">CPE Statistics</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/products/swid">SWID</a></li> </ul> </div></li> <li> <a href="/web/20230329030701/http://nvd.nist.gov/developers">Developers<span class="expander fa fa-plus" id="nvd-side-menu-developers" data-expander-name="developersSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developersSide"> <ul> <li><a href="/web/20230329030701/http://nvd.nist.gov/developers/start-here">Start Here</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/developers/request-an-api-key">Request an API Key</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/developers/vulnerabilities">Vulnerabilities</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/developers/products">Products</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/developers/data-sources">Data Sources</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/developers/terms-of-use">Terms of Use</a></li> </ul> </div> </li> <li><a href="/web/20230329030701/http://nvd.nist.gov/info"> Contact NVD </a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/other"> Other Sites <span class="expander fa fa-plus" id="nvd-side-menu-othersites" data-expander-name="otherSitesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSitesSide"> <ul> <li><a href="https://web.archive.org/web/20230329030701/https://ncp.nist.gov/">Checklist (NCP) Repository</a></li> <li><a href="https://web.archive.org/web/20230329030701/https://ncp.nist.gov/cce">Configurations (CCE)</a></li> <li><a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a></li> <li><a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a></li> <li><a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a></li> <li><a href="https://web.archive.org/web/20230329030701/https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a></li> </ul> </div></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/search"> Search <span class="expander fa fa-plus" id="nvd-side-menu-search" data-expander-name="searchSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="searchSide"> <ul> <li><a href="/web/20230329030701/http://nvd.nist.gov/vuln/search">Vulnerability Search</a></li> <li><a href="/web/20230329030701/http://nvd.nist.gov/products/cpe/search">CPE Search</a></li> </ul> </div></li> </ul> </nav> <div id="page-content" class="col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12"> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/web/20230329030701/http://nvd.nist.gov/general/news/api-20-announcements"> <img alt="The letters N V D typed out in binary" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/LandingPage/apiGuidance800x632.png" style="width: 300px; height: 237px;" title="Whats new in API two"> <br/> <strong>New 2.0 APIs</strong> </a> </span> </div> </div> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/web/20230329030701/http://nvd.nist.gov/general/news/change-timeline"> <img alt="Emphasis on APIs for web automation" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/LandingPage/changeTimeline800x632.png" style="width: 300px; height: 237px;" title="Emphasis on APIs for web automation!"> <br/> <strong>2022-23 Change Timeline</strong> </a> </span> </div> </div> <div class="row"> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/web/20230329030701/http://nvd.nist.gov/general/news/cisa-exploit-catalog"> <img alt="Icon for CISA Known Exploited Vulnerabilities Catalog Announcement" src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/LandingPage/kevCatalog800x632.png" style="width: 300px; height: 237px;" title="Helping you comply with BOD 22-01"> <br/> <strong>New Parameters</strong> </a> </span> </div> </div> </div> <br/> <span>The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.</span> <br/> <br/> <span>For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult <a href="https://web.archive.org/web/20230329030701/https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436"> NIST's Public Data Repository</a>.</span> <br/> <br/> <div> <div class="row"> <div class="col-md-12 col-sm-12"> <div id="vulnResultsPanel">  <div id="latestVulnsArea"> <div id="latestVulnsTitleRow" class="row"> <span class="hidden-md col-lg-9"> <strong class="h4Size">Last 20 Scored Vulnerability IDs & Summaries</strong> </span> <span class="hidden-md col-lg-3"> <strong class="h4Size">CVSS Severity </strong> </span> </div> <ul id="latestVulns"> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21039" id="cveDetailAnchor-0">CVE-2023-21039</a></strong> - In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.P... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21039#vulnDescriptionTitle">read CVE-2023-21039</a><br> <strong>Published:</strong> March 24, 2023; 4:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-0"> <span id="cvss3-link-0"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-21039&vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-0" aria-label="V3 score for CVE-2023-21039">4.4 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21038" id="cveDetailAnchor-1">CVE-2023-21038</a></strong> - In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitati... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21038#vulnDescriptionTitle">read CVE-2023-21038</a><br> <strong>Published:</strong> March 24, 2023; 4:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-1"> <span id="cvss3-link-1"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-21038&vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-1" aria-label="V3 score for CVE-2023-21038">6.7 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21032" id="cveDetailAnchor-2">CVE-2023-21032</a></strong> - In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploi... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21032#vulnDescriptionTitle">read CVE-2023-21032</a><br> <strong>Published:</strong> March 24, 2023; 4:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-2"> <span id="cvss3-link-2"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-21032&vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-2" aria-label="V3 score for CVE-2023-21032">4.4 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21031" id="cveDetailAnchor-3">CVE-2023-21031</a></strong> - In Display::setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21031#vulnDescriptionTitle">read CVE-2023-21031</a><br> <strong>Published:</strong> March 24, 2023; 4:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-3"> <span id="cvss3-link-3"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-21031&vector=AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-3" aria-label="V3 score for CVE-2023-21031">4.7 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21034" id="cveDetailAnchor-4">CVE-2023-21034</a></strong> - In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for ... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21034#vulnDescriptionTitle">read CVE-2023-21034</a><br> <strong>Published:</strong> March 24, 2023; 4:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-4"> <span id="cvss3-link-4"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-21034&vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-4" aria-label="V3 score for CVE-2023-21034">7.8 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21033" id="cveDetailAnchor-5">CVE-2023-21033</a></strong> - In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploi... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-21033#vulnDescriptionTitle">read CVE-2023-21033</a><br> <strong>Published:</strong> March 24, 2023; 4:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-5"> <span id="cvss3-link-5"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-21033&vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-5" aria-label="V3 score for CVE-2023-21033">5.5 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20990" id="cveDetailAnchor-6">CVE-2023-20990</a></strong> - In btm_read_local_oob_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploit... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20990#vulnDescriptionTitle">read CVE-2023-20990</a><br> <strong>Published:</strong> March 24, 2023; 4:15:11 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-6"> <span id="cvss3-link-6"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-20990&vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-6" aria-label="V3 score for CVE-2023-20990">4.4 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20989" id="cveDetailAnchor-7">CVE-2023-20989</a></strong> - In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed f... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20989#vulnDescriptionTitle">read CVE-2023-20989</a><br> <strong>Published:</strong> March 24, 2023; 4:15:11 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-7"> <span id="cvss3-link-7"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-20989&vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-7" aria-label="V3 score for CVE-2023-20989">4.4 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20988" id="cveDetailAnchor-8">CVE-2023-20988</a></strong> - In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20988#vulnDescriptionTitle">read CVE-2023-20988</a><br> <strong>Published:</strong> March 24, 2023; 4:15:11 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-8"> <span id="cvss3-link-8"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-20988&vector=AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-8" aria-label="V3 score for CVE-2023-20988">4.5 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20987" id="cveDetailAnchor-9">CVE-2023-20987</a></strong> - In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not ... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20987#vulnDescriptionTitle">read CVE-2023-20987</a><br> <strong>Published:</strong> March 24, 2023; 4:15:11 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-9"> <span id="cvss3-link-9"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-20987&vector=AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-9" aria-label="V3 score for CVE-2023-20987">4.5 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-28660" id="cveDetailAnchor-10">CVE-2023-28660</a></strong> - The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. <br> <strong>Published:</strong> March 22, 2023; 5:15:18 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-10"> <span id="cvss3-link-10"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-28660&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-10" aria-label="V3 score for CVE-2023-28660">8.8 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-28664" id="cveDetailAnchor-11">CVE-2023-28664</a></strong> - The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an aut... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-28664#vulnDescriptionTitle">read CVE-2023-28664</a><br> <strong>Published:</strong> March 22, 2023; 5:15:19 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-11"> <span id="cvss3-link-11"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-28664&vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-11" aria-label="V3 score for CVE-2023-28664">5.4 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2022-38745" id="cveDetailAnchor-12">CVE-2022-38745</a></strong> - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. <br> <strong>Published:</strong> March 24, 2023; 12:15:08 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-12"> <span id="cvss3-link-12"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38745&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-12" aria-label="V3 score for CVE-2022-38745">7.8 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-28441" id="cveDetailAnchor-13">CVE-2023-28441</a></strong> - smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log fi... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-28441#vulnDescriptionTitle">read CVE-2023-28441</a><br> <strong>Published:</strong> March 23, 2023; 8:15:15 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-13"> <span id="cvss3-link-13"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-28441&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-13" aria-label="V3 score for CVE-2023-28441">7.5 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-28335" id="cveDetailAnchor-14">CVE-2023-28335</a></strong> - The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. <br> <strong>Published:</strong> March 23, 2023; 5:15:20 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-14"> <span id="cvss3-link-14"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-28335&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-14" aria-label="V3 score for CVE-2023-28335">8.8 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-24787" id="cveDetailAnchor-15">CVE-2023-24787</a></strong> - RESERVED churchcrm v4.5.3 was discovered to contain a SQL injection vulnerability via the Event parameter at /churchcrm/EventAttendance.php. <br> <strong>Published:</strong> March 23, 2023; 6:15:12 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-15"> <span id="cvss3-link-15"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-24787&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-15" aria-label="V3 score for CVE-2023-24787">8.8 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-27034" id="cveDetailAnchor-16">CVE-2023-27034</a></strong> - PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. <br> <strong>Published:</strong> March 23, 2023; 6:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-16"> <span id="cvss3-link-16"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-27034&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-critical" data-testid="vuln-cvss3-link-16" aria-label="V3 score for CVE-2023-27034">9.8 CRITICAL</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-24295" id="cveDetailAnchor-17">CVE-2023-24295</a></strong> - A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file. <br> <strong>Published:</strong> March 23, 2023; 6:15:12 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-17"> <span id="cvss3-link-17"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-24295&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-17" aria-label="V3 score for CVE-2023-24295">7.8 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20976" id="cveDetailAnchor-18">CVE-2023-20976</a></strong> - In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execu... <a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2023-20976#vulnDescriptionTitle">read CVE-2023-20976</a><br> <strong>Published:</strong> March 24, 2023; 4:15:11 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-18"> <span id="cvss3-link-18"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-20976&vector=AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-18" aria-label="V3 score for CVE-2023-20976">7.3 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230329030701/http://nvd.nist.gov/vuln/detail/CVE-2020-24857" id="cveDetailAnchor-19">CVE-2020-24857</a></strong> - Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component. <br> <strong>Published:</strong> March 23, 2023; 6:15:12 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-19"> <span id="cvss3-link-19"> <em>V3.1:</em> <a href="/web/20230329030701/http://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2020-24857&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-19" aria-label="V3 score for CVE-2020-24857">6.1 MEDIUM</a><br/> </span> </p> </div> </li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </main> <footer id="footer" role="contentinfo"> <div class="container"> <div class="row"> <div class="col-sm-12"> <ul class="social-list pull-right"> <li class="field-item service-twitter list-horiz"><a href="https://web.archive.org/web/20230329030701/https://twitter.com/NISTCyber" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> <li class="field-item service-facebook list-horiz"><a href="https://web.archive.org/web/20230329030701/https://www.facebook.com/NIST" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-linkedin list-horiz"><a href="https://web.archive.org/web/20230329030701/https://www.linkedin.com/company/nist" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-youtube list-horiz"><a href="https://web.archive.org/web/20230329030701/https://www.youtube.com/user/USNISTGOV" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-rss list-horiz"><a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/news-events/nist-rss-feeds" target="_blank" class="social-btn social-btn--large extlink"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a></li> <li class="field-item service-govdelivery list-horiz last"><a href="https://web.archive.org/web/20230329030701/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> </ul> <span class="hidden-xs"> <a title="National Institute of Standards and Technology" rel="home" class="footer-nist-logo"> <img src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </span> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo"> <img src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </div> </div> <div class="row footer-contact-container"> <div class="col-sm-6"> <strong>HEADQUARTERS</strong> <br> 100 Bureau Drive <br> Gaithersburg, MD 20899 <br> <a href="https://web.archive.org/web/20230329030701/tel:301-975-2000">(301) 975-2000</a> <br> <br> <a href="https://web.archive.org/web/20230329030701/mailto:nvd@nist.gov">Webmaster</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/about-nist/visit" style="display: inline-block;">Our Other Offices</a> </div> <div class="col-sm-6"> <div class="pull-right" style="text-align:right"> <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong> <br> US-CERT Security Operations Center <br> Email: <a href="https://web.archive.org/web/20230329030701/mailto:soc@us-cert.gov">soc@us-cert.gov</a> <br> Phone: 1-888-282-0870 <br> <span style="display: inline-block; text-align: left; margin-left: 0; margin-right: 0;"> <strong style="float: right">Sponsored by</strong> <br>                       <a href="https://web.archive.org/web/20230329030701/https://www.cisa.gov/" target="_blank">CISA</a> </span> <a style="float: right; width: 68px;"> <img src="/web/20230329030701im_/http://nvd.nist.gov/site-media/images/cisa-thumbnail.png" alt="CISA"/> </a> </div> </div> </div> <div class="row"> <nav title="Footer Navigation" role="navigation" class="row footer-bottom-links-container">  <p> <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/oism/site-privacy">Site Privacy</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/oism/accessibility">Accessibility</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/privacy">Privacy Program</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/oism/copyrights">Copyrights</a> | <a href="https://web.archive.org/web/20230329030701/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/foia">FOIA</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> | <a href="https://web.archive.org/web/20230329030701/https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> | <a href="https://web.archive.org/web/20230329030701/https://www.commerce.gov/">Commerce.gov</a> | <a href="https://web.archive.org/web/20230329030701/https://www.science.gov/">Science.gov</a> | <a href="https://web.archive.org/web/20230329030701/https://www.usa.gov/">USA.gov</a> </p> </nav> </div> </div> </footer> </body> </html>

CINXE.COM

NVD - Home