NVD - Home

<!DOCTYPE html> <html lang="en"> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("https://nvd.nist.gov/","20230212051507","https://web.archive.org/","web","/_static/", "1676178907"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" />  <title>NVD - Home</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <meta http-equiv="content-style-type" content="text/css"/> <meta http-equiv="content-script-type" content="text/javascript"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-scripts/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-media/bootstrap/css/bootstrap.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-media/bootstrap/css/bootstrap-theme.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-media/css/nist-fonts.css" type="text/css" rel="stylesheet"/> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-media/css/base-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-media/css/media-resize.css" type="text/css" rel="stylesheet"/> <meta name="theme-color" content="#000000"> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-scripts/jquery/dist/jquery.min.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-scripts/jquery-visible/jquery.visible.min.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-scripts/underscore/underscore-min.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-media/bootstrap/js/bootstrap.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-scripts/moment/min/moment.min.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-media/js/megamenu.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-media/js/nist-exit-script.js" type="text/javascript"></script> <script src="/web/20230212051507js_/https://nvd.nist.gov/site-media/js/forms.js" type="text/javascript"></script>  <script src="/web/20230212051507js_/https://nvd.nist.gov/site-media/js/federated-analytics.all.min.js?agency=NIST&subagency=nvd&pua=UA-37115410-41&yt=true" type="text/javascript" id="_fed_an_js_tag"></script> <style id="antiClickjack"> body>* { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body>* { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <meta charset="UTF-8"> <link href="/web/20230212051507cs_/https://nvd.nist.gov/site-media/css/nvd-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/favicons/apple-touch-icon.png" rel="apple-touch-icon" type="image/png" sizes="180x180"/> <link href="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/favicons/favicon-32x32.png" rel="icon" type="image/png" sizes="32x32"/> <link href="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/favicons/favicon-16x16.png" rel="icon" type="image/png" sizes="16x16"/> <link href="/web/20230212051507/https://nvd.nist.gov/site-media/images/favicons/manifest.json" rel="manifest"/> <link href="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/favicons/safari-pinned-tab.svg" rel="mask-icon" color="#000000"/> <link href="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon"/> <meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml"/> <link href="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon" type="image/x-icon"/> <link href="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="icon" type="image/x-icon"/> <meta charset="UTF-8"> <meta charset="UTF-8"> </head> <body> <header role="banner" title="Site Banner"> <div id="antiClickjack" style="display: none"> <h1>You are viewing this page in an unauthorized frame window.</h1> <p> This is a potential security issue, you are being redirected to <a href="https://web.archive.org/web/20230212051507/https://nvd.nist.gov/">https://nvd.nist.gov</a> </p> </div> <div> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion container"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <img class="usa-banner__header-flag" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">   <span class="usa-banner__header-text">An official website of the United States government</span> <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here's how you know</span> </button> </header> <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true"> <div class="row"> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> </div> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/usbanner/icon-https.svg" alt="Https"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<img class="usa-banner__lock" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> </section> </div> <div> <div> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row">  <div class="col-xs-6 col-md-4 navbar-header" style="height:104px"> <a class="navbar-brand" href="https://web.archive.org/web/20230212051507/https://www.nist.gov/" target="_blank" id="navbar-brand-image" style="padding-top: 36px"> <img alt="National Institute of Standards and Technology" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.svg" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span class="hidden-xxs">NVD </span>MENU</span> </a> </span> </div> </div> </div> <div class="main-menu-row container">  <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/web/20230212051507/https://nvd.nist.gov/general"> General <span class="expander fa fa-plus" id="nvd-header-menu-general" data-expander-name="general" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="general"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/general/nvd-dashboard">NVD Dashboard</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/general/news">News</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/general/email-list">Email List</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/general/faq">FAQ</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/general/visualizations">Visualizations</a> </p> </div> </div> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-header-menu-vulnerabilities" data-expander-name="vulnerabilities" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilities"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln/search">Search & Statistics</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln/full-listing">Full Listing</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln/categories">Weakness Types</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln/data-feeds">Legacy Data Feeds</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln/vendor-comments">Vendor Comments</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln/cvmap">CVMAP</a> </p> </div> </div> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-header-menu-metrics" data-expander-name="metrics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metrics"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">CVSS V3 Calculator</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">CVSS V2 Calculator</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/products"> Products <span class="expander fa fa-plus" id="nvd-header-menu-products" data-expander-name="products" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="products"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/products/cpe">CPE Dictionary</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/products/cpe/statistics">CPE Statistics</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/products/swid">SWID</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li> <a href="/web/20230212051507/https://nvd.nist.gov/developers">Developers<span class="expander fa fa-plus" id="nvd-header-menu-developers" data-expander-name="developers" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developers"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/developers/start-here">Start Here</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/developers/request-an-api-key">Request an API Key</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/developers/vulnerabilities">Vulnerabilities</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/developers/products">Products</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/developers/data-sources">Data Sources</a> </p> <p> <a href="/web/20230212051507/https://nvd.nist.gov/developers/terms-of-use">Terms of Use</a> </p> </div> </div> </div> </li> <li><a href="/web/20230212051507/https://nvd.nist.gov/info"> Contact NVD </a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/other"> Other Sites <span class="expander fa fa-plus" id="nvd-header-menu-othersites" data-expander-name="otherSites" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSites"> <div class="row"> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20230212051507/https://ncp.nist.gov/">Checklist (NCP) Repository</a> </p> <p> <a href="https://web.archive.org/web/20230212051507/https://ncp.nist.gov/cce">Configurations (CCE)</a> </p> <p> <a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a> </p> <p> <a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a> </p> </div> </div> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/search"> Search <span class="expander fa fa-plus" id="nvd-header-menu-search" data-expander-name="search" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="search"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/vuln/search">Vulnerability Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20230212051507/https://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> </div> </div></li> </ul> </div>  </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <h2 class="hidden-xs hidden-sm"> <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/itl" target="_blank">Information Technology Laboratory</a> </h2> <h1 class="hidden-xs hidden-sm"> <a id="nvd-header-link" href="/web/20230212051507/https://nvd.nist.gov/">National Vulnerability Database</a> </h1> <h1 class="hidden-xs text-center hidden-md hidden-lg">National Vulnerability Database</h1> <h1 class="hidden-sm hidden-md hidden-lg text-center">NVD</h1> </div> <div class="col-sm-12 col-md-4"> <a style="width: 100%; text-align: center; display: block;padding-top: 14px"> <img id="img-logo-nvd-lg" alt="National Vulnerability Database" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/F_NIST-Logo-NVD-white.svg" width="500" height="100"> </a> </div> </div> </div> </section> </div> </div> </header> <main> <div> <div id="body-section" class="container"> <div> <div class="row"> <nav title="Side Menu" role="navigation" class="col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs"> <ul class="side-nav"> <li><a href="/web/20230212051507/https://nvd.nist.gov/general">General<span class="expander fa fa-plus" id="nvd-side-menu-general" data-expander-name="generalSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="generalSide"> <ul> <li><a href="/web/20230212051507/https://nvd.nist.gov/general/nvd-dashboard">NVD Dashboard</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/general/news">News</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/general/email-list">Email List</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/general/faq">FAQ</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/general/visualizations">Visualizations</a></li> </ul> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-side-menu-vulnerabilities" data-expander-name="vulnerabilitiesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilitiesSide"> <ul> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln/search">Search & Statistics</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln/full-listing">Full Listing</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln/categories">Weakness Types</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln/data-feeds">Legacy Data Feeds</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln/vendor-comments">Vendor Comments</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln/cvmap">CVMAP</a></li> </ul> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-side-menu-metrics" data-expander-name="metricsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metricsSide"> <ul> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">CVSS V3 Calculator</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">CVSS V2 Calculator</a></li> </ul> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/products"> Products <span class="expander fa fa-plus" id="nvd-side-menu-products" data-expander-name="productsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="productsSide"> <ul> <li><a href="/web/20230212051507/https://nvd.nist.gov/products/cpe">CPE Dictionary</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/products/cpe/search">CPE Search</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/products/cpe/statistics">CPE Statistics</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/products/swid">SWID</a></li> </ul> </div></li> <li> <a href="/web/20230212051507/https://nvd.nist.gov/developers">Developers<span class="expander fa fa-plus" id="nvd-side-menu-developers" data-expander-name="developersSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developersSide"> <ul> <li><a href="/web/20230212051507/https://nvd.nist.gov/developers/start-here">Start Here</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/developers/request-an-api-key">Request an API Key</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/developers/vulnerabilities">Vulnerabilities</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/developers/products">Products</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/developers/data-sources">Data Sources</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/developers/terms-of-use">Terms of Use</a></li> </ul> </div> </li> <li><a href="/web/20230212051507/https://nvd.nist.gov/info"> Contact NVD </a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/other"> Other Sites <span class="expander fa fa-plus" id="nvd-side-menu-othersites" data-expander-name="otherSitesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSitesSide"> <ul> <li><a href="https://web.archive.org/web/20230212051507/https://ncp.nist.gov/">Checklist (NCP) Repository</a></li> <li><a href="https://web.archive.org/web/20230212051507/https://ncp.nist.gov/cce">Configurations (CCE)</a></li> <li><a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a></li> <li><a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a></li> <li><a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a></li> <li><a href="https://web.archive.org/web/20230212051507/https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a></li> </ul> </div></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/search"> Search <span class="expander fa fa-plus" id="nvd-side-menu-search" data-expander-name="searchSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="searchSide"> <ul> <li><a href="/web/20230212051507/https://nvd.nist.gov/vuln/search">Vulnerability Search</a></li> <li><a href="/web/20230212051507/https://nvd.nist.gov/products/cpe/search">CPE Search</a></li> </ul> </div></li> </ul> </nav> <div id="page-content" class="col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12"> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/web/20230212051507/https://nvd.nist.gov/general/news/api-20-announcements"> <img alt="The letters N V D typed out in binary" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/LandingPage/apiGuidance800x632.png" style="width: 300px; height: 237px;" title="Whats new in API two"> <br/> <strong>New 2.0 APIs</strong> </a> </span> </div> </div> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/web/20230212051507/https://nvd.nist.gov/general/news/change-timeline"> <img alt="Emphasis on APIs for web automation" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/LandingPage/changeTimeline800x632.png" style="width: 300px; height: 237px;" title="Emphasis on APIs for web automation!"> <br/> <strong>2022-23 Change Timeline</strong> </a> </span> </div> </div> <div class="row"> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/web/20230212051507/https://nvd.nist.gov/general/news/cisa-exploit-catalog"> <img alt="Icon for CISA Known Exploited Vulnerabilities Catalog Announcement" src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/LandingPage/kevCatalog800x632.png" style="width: 300px; height: 237px;" title="Helping you comply with BOD 22-01"> <br/> <strong>New Parameters</strong> </a> </span> </div> </div> </div> <br/> <span>The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.</span> <br/> <br/> <span>For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult <a href="https://web.archive.org/web/20230212051507/https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436"> NIST's Public Data Repository</a>.</span> <br/> <br/> <div> <div class="row"> <div class="col-md-12 col-sm-12"> <div id="vulnResultsPanel">  <div id="latestVulnsArea"> <div id="latestVulnsTitleRow" class="row"> <span class="hidden-md col-lg-9"> <strong class="h4Size">Last 20 Scored Vulnerability IDs & Summaries</strong> </span> <span class="hidden-md col-lg-3"> <strong class="h4Size">CVSS Severity </strong> </span> </div> <ul id="latestVulns"> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-32595" id="cveDetailAnchor-0">CVE-2022-32595</a></strong> - In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236;... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-32595#vulnDescriptionTitle">read CVE-2022-32595</a><br> <strong>Published:</strong> February 06, 2023; 3:15:10 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-0"> <span id="cvss3-link-0"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-32595&vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-0" aria-label="V3 score for CVE-2022-32595">4.4 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2021-23892" id="cveDetailAnchor-1">CVE-2021-23892</a></strong> - By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administ... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2021-23892#vulnDescriptionTitle">read CVE-2021-23892</a><br> <strong>Published:</strong> May 12, 2021; 5:15:07 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-1"> <span id="cvss3-link-1"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2021-23892&vector=AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-1" aria-label="V3 score for CVE-2021-23892">7.0 HIGH</a><br/> </span> <span id="cvss2-link-1"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2021-23892&vector=(AV:L/AC:M/Au:N/C:C/I:C/A:C)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-1" aria-label="V2 score for CVE-2021-23892">6.9 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2020-7346" id="cveDetailAnchor-2">CVE-2020-7346</a></strong> - Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2020-7346#vulnDescriptionTitle">read CVE-2020-7346</a><br> <strong>Published:</strong> March 23, 2021; 12:15:13 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-2"> <span id="cvss3-link-2"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2020-7346&vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-2" aria-label="V3 score for CVE-2020-7346">7.8 HIGH</a><br/> </span> <span id="cvss2-link-2"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2020-7346&vector=(AV:L/AC:L/Au:N/C:P/I:P/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-2" aria-label="V2 score for CVE-2020-7346">4.6 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2021-24581" id="cveDetailAnchor-3">CVE-2021-24581</a></strong> - The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when savin... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2021-24581#vulnDescriptionTitle">read CVE-2021-24581</a><br> <strong>Published:</strong> August 30, 2021; 11:15:07 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-3"> <span id="cvss3-link-3"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2021-24581&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-3" aria-label="V3 score for CVE-2021-24581">8.8 HIGH</a><br/> </span> <span id="cvss2-link-3"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2021-24581&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-3" aria-label="V2 score for CVE-2021-24581">6.8 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2021-34427" id="cveDetailAnchor-4">CVE-2021-34427</a></strong> - In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. <br> <strong>Published:</strong> June 25, 2021; 3:15:09 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-4"> <span id="cvss3-link-4"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2021-34427&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-critical" data-testid="vuln-cvss3-link-4" aria-label="V3 score for CVE-2021-34427">9.8 CRITICAL</a><br/> </span> <span id="cvss2-link-4"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2021-34427&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)&version=2.0&source=NIST" class="label label-danger" data-testid="vuln-cvss2-link-4" aria-label="V2 score for CVE-2021-34427">7.5 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2019-10430" id="cveDetailAnchor-5">CVE-2019-10430</a></strong> - Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. <br> <strong>Published:</strong> September 25, 2019; 12:15:12 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-5"> <span id="cvss3-link-5"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-10430&vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-5" aria-label="V3 score for CVE-2019-10430">5.5 MEDIUM</a><br/> </span> <span id="cvss2-link-5"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2019-10430&vector=(AV:L/AC:L/Au:N/C:P/I:N/A:N)&version=2.0&source=NIST" class="label label-low" data-testid="vuln-cvss2-link-5" aria-label="V2 score for CVE-2019-10430">2.1 LOW</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2019-9959" id="cveDetailAnchor-6">CVE-2019-9959</a></strong> - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an at... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2019-9959#vulnDescriptionTitle">read CVE-2019-9959</a><br> <strong>Published:</strong> July 22, 2019; 11:15:10 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-6"> <span id="cvss3-link-6"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-9959&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-6" aria-label="V3 score for CVE-2019-9959">6.5 MEDIUM</a><br/> </span> <span id="cvss2-link-6"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2019-9959&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-6" aria-label="V2 score for CVE-2019-9959">4.3 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2019-9903" id="cveDetailAnchor-7">CVE-2019-9903</a></strong> - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. <br> <strong>Published:</strong> March 21, 2019; 2:29:00 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-7"> <span id="cvss3-link-7"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-9903&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-7" aria-label="V3 score for CVE-2019-9903">6.5 MEDIUM</a><br/> </span> <span id="cvss2-link-7"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2019-9903&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-7" aria-label="V2 score for CVE-2019-9903">4.3 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2018-20650" id="cveDetailAnchor-8">CVE-2018-20650</a></strong> - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. <br> <strong>Published:</strong> January 01, 2019; 11:29:00 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-8"> <span id="cvss3-link-8"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2018-20650&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-8" aria-label="V3 score for CVE-2018-20650">6.5 MEDIUM</a><br/> </span> <span id="cvss2-link-8"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2018-20650&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-8" aria-label="V2 score for CVE-2018-20650">4.3 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2018-19058" id="cveDetailAnchor-9">CVE-2018-19058</a></strong> - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. <br> <strong>Published:</strong> November 07, 2018; 11:29:00 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-9"> <span id="cvss3-link-9"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2018-19058&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-9" aria-label="V3 score for CVE-2018-19058">6.5 MEDIUM</a><br/> </span> <span id="cvss2-link-9"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2018-19058&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-9" aria-label="V2 score for CVE-2018-19058">4.3 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-38131" id="cveDetailAnchor-10">CVE-2022-38131</a></strong> - RStudio Connect is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. <br> <strong>Published:</strong> September 06, 2022; 2:15:15 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-10"> <span id="cvss3-link-10"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-38131&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-10" aria-label="V3 score for CVE-2022-38131">6.1 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-34916" id="cveDetailAnchor-11">CVE-2022-34916</a></strong> - Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed b... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-34916#vulnDescriptionTitle">read CVE-2022-34916</a><br> <strong>Published:</strong> August 21, 2022; 5:15:33 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-11"> <span id="cvss3-link-11"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-34916&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-critical" data-testid="vuln-cvss3-link-11" aria-label="V3 score for CVE-2022-34916">9.8 CRITICAL</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-30065" id="cveDetailAnchor-12">CVE-2022-30065</a></strong> - A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. <br> <strong>Published:</strong> May 18, 2022; 11:15:10 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-12"> <span id="cvss3-link-12"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-30065&vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-12" aria-label="V3 score for CVE-2022-30065">7.8 HIGH</a><br/> </span> <span id="cvss2-link-12"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2022-30065&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-12" aria-label="V2 score for CVE-2022-30065">6.8 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2021-28544" id="cveDetailAnchor-13">CVE-2021-28544</a></strong> - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location,... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2021-28544#vulnDescriptionTitle">read CVE-2021-28544</a><br> <strong>Published:</strong> April 12, 2022; 2:15:08 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-13"> <span id="cvss3-link-13"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2021-28544&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-13" aria-label="V3 score for CVE-2021-28544">4.3 MEDIUM</a><br/> </span> <span id="cvss2-link-13"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2021-28544&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N)&version=2.0&source=NIST" class="label label-low" data-testid="vuln-cvss2-link-13" aria-label="V2 score for CVE-2021-28544">3.5 LOW</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2018-25032" id="cveDetailAnchor-14">CVE-2018-25032</a></strong> - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. <br> <strong>Published:</strong> March 25, 2022; 5:15:08 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-14"> <span id="cvss3-link-14"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2018-25032&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-14" aria-label="V3 score for CVE-2018-25032">7.5 HIGH</a><br/> </span> <span id="cvss2-link-14"> <em> V2.0:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2018-25032&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)&version=2.0&source=NIST" class="label label-warning" data-testid="vuln-cvss2-link-14" aria-label="V2 score for CVE-2018-25032">5.0 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-1471" id="cveDetailAnchor-15">CVE-2022-1471</a></strong> - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when par... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-1471#vulnDescriptionTitle">read CVE-2022-1471</a><br> <strong>Published:</strong> December 01, 2022; 6:15:10 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-15"> <span id="cvss3-link-15"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-1471&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-critical" data-testid="vuln-cvss3-link-15" aria-label="V3 score for CVE-2022-1471">9.8 CRITICAL</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-41854" id="cveDetailAnchor-16">CVE-2022-41854</a></strong> - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effec... <a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-41854#vulnDescriptionTitle">read CVE-2022-41854</a><br> <strong>Published:</strong> November 11, 2022; 8:15:11 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-16"> <span id="cvss3-link-16"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-41854&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-16" aria-label="V3 score for CVE-2022-41854">6.5 MEDIUM</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-3479" id="cveDetailAnchor-17">CVE-2022-3479</a></strong> - A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. <br> <strong>Published:</strong> October 14, 2022; 1:15:15 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-17"> <span id="cvss3-link-17"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-3479&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-17" aria-label="V3 score for CVE-2022-3479">7.5 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-31765" id="cveDetailAnchor-18">CVE-2022-31765</a></strong> - Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. <br> <strong>Published:</strong> October 11, 2022; 7:15:09 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-18"> <span id="cvss3-link-18"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-31765&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-18" aria-label="V3 score for CVE-2022-31765">8.8 HIGH</a><br/> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/web/20230212051507/https://nvd.nist.gov/vuln/detail/CVE-2022-41672" id="cveDetailAnchor-19">CVE-2022-41672</a></strong> - In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. <br> <strong>Published:</strong> October 07, 2022; 3:15:08 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-19"> <span id="cvss3-link-19"> <em>V3.1:</em> <a href="/web/20230212051507/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-41672&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N&version=3.1&source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-19" aria-label="V3 score for CVE-2022-41672">8.1 HIGH</a><br/> </span> </p> </div> </li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </main> <footer id="footer" role="contentinfo"> <div class="container"> <div class="row"> <div class="col-sm-12"> <ul class="social-list pull-right"> <li class="field-item service-twitter list-horiz"><a href="https://web.archive.org/web/20230212051507/https://twitter.com/NISTCyber" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> <li class="field-item service-facebook list-horiz"><a href="https://web.archive.org/web/20230212051507/https://www.facebook.com/NIST" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-linkedin list-horiz"><a href="https://web.archive.org/web/20230212051507/https://www.linkedin.com/company/nist" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-youtube list-horiz"><a href="https://web.archive.org/web/20230212051507/https://www.youtube.com/user/USNISTGOV" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-rss list-horiz"><a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/news-events/nist-rss-feeds" target="_blank" class="social-btn social-btn--large extlink"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a></li> <li class="field-item service-govdelivery list-horiz last"><a href="https://web.archive.org/web/20230212051507/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> </ul> <span class="hidden-xs"> <a title="National Institute of Standards and Technology" rel="home" class="footer-nist-logo"> <img src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </span> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo"> <img src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </div> </div> <div class="row footer-contact-container"> <div class="col-sm-6"> <strong>HEADQUARTERS</strong> <br> 100 Bureau Drive <br> Gaithersburg, MD 20899 <br> <a href="https://web.archive.org/web/20230212051507/tel:301-975-2000">(301) 975-2000</a> <br> <br> <a href="https://web.archive.org/web/20230212051507/mailto:nvd@nist.gov">Webmaster</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/about-nist/visit" style="display: inline-block;">Our Other Offices</a> </div> <div class="col-sm-6"> <div class="pull-right" style="text-align:right"> <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong> <br> US-CERT Security Operations Center <br> Email: <a href="https://web.archive.org/web/20230212051507/mailto:soc@us-cert.gov">soc@us-cert.gov</a> <br> Phone: 1-888-282-0870 <br> <span style="display: inline-block; text-align: left; margin-left: 0; margin-right: 0;"> <strong style="float: right">Sponsored by</strong> <br>                       <a href="https://web.archive.org/web/20230212051507/https://www.cisa.gov/" target="_blank">CISA</a> </span> <a style="float: right; width: 68px;"> <img src="/web/20230212051507im_/https://nvd.nist.gov/site-media/images/cisa-thumbnail.png" alt="CISA"/> </a> </div> </div> </div> <div class="row"> <nav title="Footer Navigation" role="navigation" class="row footer-bottom-links-container">  <p> <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/oism/site-privacy">Site Privacy</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/oism/accessibility">Accessibility</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/privacy">Privacy Program</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/oism/copyrights">Copyrights</a> | <a href="https://web.archive.org/web/20230212051507/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/foia">FOIA</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> | <a href="https://web.archive.org/web/20230212051507/https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> | <a href="https://web.archive.org/web/20230212051507/https://www.commerce.gov/">Commerce.gov</a> | <a href="https://web.archive.org/web/20230212051507/https://www.science.gov/">Science.gov</a> | <a href="https://web.archive.org/web/20230212051507/https://www.usa.gov/">USA.gov</a> </p> </nav> </div> </div> </footer> </body> </html>

CINXE.COM

NVD - Home