
NOTICE UPDATE

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2017-18017 - The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other...
    Published: January 03, 2018; 1:29:00 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2011-2483 - crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext pas...
    Published: August 25, 2011; 10:22:44 AM -0400

    V2.0: 5.0 MEDIUM

  • CVE-2024-3400 - A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to ...
    Published: April 12, 2024; 4:15:06 AM -0400

  • CVE-2024-24558 - TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an atta...
    Published: January 30, 2024; 3:15:45 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2007-0171 - PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.
    Published: January 10, 2007; 7:28:00 PM -0500

    V2.0: 7.5 HIGH

  • CVE-2007-0172 - Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in un...
    Published: January 10, 2007; 7:28:00 PM -0500

    V2.0: 7.5 HIGH

  • CVE-2004-0285 - PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
    Published: November 23, 2004; 12:00:00 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2006-4993 - Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke modu...
    Published: September 25, 2006; 10:07:00 PM -0400

    V2.0: 7.5 HIGH

  • CVE-2024-26592 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on `struct tcp_transport` in k...
    Published: February 22, 2024; 12:15:09 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2021-38201 - net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
    Published: August 08, 2021; 4:15:07 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2024-31353 - Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
    Published: April 10, 2024; 12:15:14 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2021-47193 - In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the mo...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2021-47194 - In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERF...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2021-47195 - In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unl...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2021-47198 - In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0...
    Published: April 10, 2024; 3:15:47 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-52459 - In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() cal...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-52458 - In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned w...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-26594 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid.
    Published: February 23, 2024; 9:15:45 AM -0500

    V3.1: 7.1 HIGH

  • CVE-2023-52454 - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_i...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-26593 - In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once befo...
    Published: February 23, 2024; 5:15:07 AM -0500

    V3.1: 7.1 HIGH

Created September 20, 2022, Updated March 31, 2024