) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2024-46794 - In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally... read CVE-2024-46794
Published: September 18, 2024; 4:15:06 AM -0400V3.1: 3.3 LOW
-
CVE-2024-46812 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [Why] Coverity reports Memory - illegal accesses. [How] Skip inactive planes.
Published: September 27, 2024; 9:15:14 AM -0400V3.1: 7.8 HIGH
-
CVE-2024-46827 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Elemen... read CVE-2024-46827
Published: September 27, 2024; 9:15:15 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2024-33014 - Transient DOS while parsing ESP IE from beacon/probe response frame.
Published: August 05, 2024; 11:15:49 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-50060 - In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, i... read CVE-2024-50060
Published: October 21, 2024; 4:15:18 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2024-50056 - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Fix potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format(). Fix the following smatch er... read CVE-2024-50056
Published: October 21, 2024; 4:15:17 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2024-50065 - In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_name() allocates using GFP_KERNEL, having the possibili... read CVE-2024-50065
Published: October 21, 2024; 4:15:18 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2024-33015 - Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report.
Published: August 05, 2024; 11:15:50 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-33025 - Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.
Published: August 05, 2024; 11:15:52 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-33024 - Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
Published: August 05, 2024; 11:15:52 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-33018 - Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame.
Published: August 05, 2024; 11:15:50 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-33026 - Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp.
Published: August 05, 2024; 11:15:52 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-33023 - Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events.
Published: August 05, 2024; 11:15:51 AM -0400V3.1: 7.8 HIGH
-
CVE-2024-33022 - Memory corruption while allocating memory in HGSL driver.
Published: August 05, 2024; 11:15:51 AM -0400V3.1: 7.8 HIGH
-
CVE-2024-33021 - Memory corruption while processing IOCTL call to set metainfo.
Published: August 05, 2024; 11:15:51 AM -0400V3.1: 7.8 HIGH
-
CVE-2024-33020 - Transient DOS while processing TID-to-link mapping IE elements.
Published: August 05, 2024; 11:15:51 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-33019 - Transient DOS while parsing the received TID-to-link mapping action frame.
Published: August 05, 2024; 11:15:50 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-24051 - Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file.
Published: June 12, 2024; 2:15:10 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2024-52759 - D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.
Published: November 19, 2024; 2:15:08 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2024-4705 - The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user suppli... read CVE-2024-4705
Published: June 05, 2024; 10:15:53 PM -0400V3.1: 5.4 MEDIUM