
NOTICE UPDATE

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-31353 - Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
    Published: April 10, 2024; 12:15:14 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2021-47193 - In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the mo...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2021-47194 - In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERF...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2021-47195 - In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unl...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2021-47198 - In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-52459 - In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() cal...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-52458 - In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned w...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-26594 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.
    Published: February 23, 2024; 9:15:45 AM -0500

    V3.1: 7.1 HIGH

  • CVE-2023-52454 - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_i...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-26593 - In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once befo...
    Published: February 23, 2024; 5:15:07 AM -0500

    V3.1: 7.1 HIGH

  • CVE-2024-26581 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip e...
    Published: February 20, 2024; 8:15:09 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-52436 - In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr spa...
    Published: February 20, 2024; 4:15:08 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-21026 - Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker w...
    Published: April 16, 2024; 6:15:18 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-21027 - Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker w...
    Published: April 16, 2024; 6:15:18 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-21028 - Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker w...
    Published: April 16, 2024; 6:15:18 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-21029 - Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker w...
    Published: April 16, 2024; 6:15:18 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-21030 - Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker w...
    Published: April 16, 2024; 6:15:18 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-21031 - Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker w...
    Published: April 16, 2024; 6:15:18 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-3834 - Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: April 17, 2024; 4:15:10 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-3837 - Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
    Published: April 17, 2024; 4:15:10 AM -0400

    V3.1: 8.8 HIGH

Created September 20, 2022, Updated March 31, 2024