NVD - Home
NOTICE UPDATED - May, 29th 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-42270 - In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. [0] The problem is t... read CVE-2024-42270
    Published: August 17, 2024; 5:15:08 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-7545 - oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on th... read CVE-2024-7545
    Published: August 05, 2024; 8:15:36 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-7544 - oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on th... read CVE-2024-7544
    Published: August 05, 2024; 8:15:36 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-7543 - oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on th... read CVE-2024-7543
    Published: August 05, 2024; 8:15:35 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-42283 - In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This ca... read CVE-2024-42283
    Published: August 17, 2024; 5:15:09 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-42282 - In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev() to mtk_remove(). Previously, if ... read CVE-2024-42282
    Published: August 17, 2024; 5:15:09 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-42284 - In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow ... read CVE-2024-42284
    Published: August 17, 2024; 5:15:09 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-42285 - In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as ... read CVE-2024-42285
    Published: August 17, 2024; 5:15:09 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-42294 - In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sd_remove & sd_release Our test report the following hung task: [ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds. [ 2538.... read CVE-2024-42294
    Published: August 17, 2024; 5:15:09 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-39371 - In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, ... read CVE-2024-39371
    Published: June 25, 2024; 11:15:14 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-29012 - Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
    Published: June 20, 2024; 5:15:11 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-23443 - A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
    Published: June 19, 2024; 10:15:13 AM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2024-6039 - A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack rem... read CVE-2024-6039
    Published: June 16, 2024; 6:15:09 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-29013 - Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
    Published: June 20, 2024; 5:15:11 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-24062 - Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a ph... read CVE-2023-24062
    Published: August 08, 2024; 2:15:09 PM -0400

    V3.1: 6.8 MEDIUM

  • CVE-2023-24063 - Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
    Published: August 08, 2024; 2:15:09 PM -0400

    V3.1: 6.8 MEDIUM

  • CVE-2023-24064 - Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard d... read CVE-2023-24064
    Published: August 08, 2024; 2:15:09 PM -0400

    V3.1: 6.8 MEDIUM

  • CVE-2023-28865 - Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) p... read CVE-2023-28865
    Published: August 08, 2024; 2:15:09 PM -0400

    V3.1: 6.6 MEDIUM

  • CVE-2023-33206 - Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able... read CVE-2023-33206
    Published: August 08, 2024; 2:15:09 PM -0400

    V3.1: 6.8 MEDIUM

  • CVE-2023-40261 - Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who ... read CVE-2023-40261
    Published: August 08, 2024; 2:15:09 PM -0400

    V3.1: 6.8 MEDIUM

Created September 20, 2022, Updated ...