The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-31314 - In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: July 09, 2024; 5:15:13 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-31315 - In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no ad...
  Published: July 09, 2024; 5:15:13 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-31316 - In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User int...
  Published: July 09, 2024; 5:15:13 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-31317 - In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges need...
  Published: July 09, 2024; 5:15:13 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-31318 - In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. U...
  Published: July 09, 2024; 5:15:13 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-31319 - In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges need...
  Published: July 09, 2024; 5:15:13 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-1683 - A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.
  Published: February 22, 2024; 8:15:52 PM -0500
  V3.1: 7.3 HIGH
- CVE-2023-21113 - In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: July 09, 2024; 5:15:10 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-1931 - NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contains a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records fr...
  Published: March 07, 2024; 5:15:07 AM -0500
  V3.1: 7.5 HIGH
- CVE-2023-21114 - In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: July 09, 2024; 5:15:10 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-23695 - In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for ...
  Published: July 09, 2024; 5:15:11 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-23696 - In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not neede...
  Published: July 09, 2024; 5:15:11 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-23107 - An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of othe...
  Published: June 03, 2024; 4:15:08 AM -0400
  V3.1: 5.5 MEDIUM
- CVE-2022-34357 - IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a...
  Published: February 26, 2024; 11:27:45 AM -0500
  V3.1: 6.5 MEDIUM
- CVE-2024-0026 - In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for ...
  Published: May 07, 2024; 5:15:08 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-0025 - In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...
  Published: May 07, 2024; 5:15:08 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-0024 - In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. ...
  Published: May 07, 2024; 5:15:08 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-0043 - In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User in...
  Published: May 07, 2024; 5:15:08 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-0042 - In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for ex...
  Published: May 07, 2024; 5:15:08 PM -0400
  V3.1: 7.8 HIGH
- CVE-2024-0027 - In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for expl...
  Published: May 07, 2024; 5:15:08 PM -0400
  V3.1: 5.5 MEDIUM