
NOTICE UPDATE

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-3400 - A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privil...
    Published: April 12, 2024; 4:15:06 AM -0400

  • CVE-2024-3272 - ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.c...
    Published: April 03, 2024; 9:15:50 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-3273 - ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component H...
    Published: April 03, 2024; 9:15:50 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-25297 - Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.
    Published: February 17, 2024; 1:15:53 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2024-25298 - An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.
    Published: February 17, 2024; 1:15:54 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2021-1310 - A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redir...
    Published: January 13, 2021; 5:15:21 PM -0500

    V3.1: 4.7 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-1311 - A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection a...
    Published: January 13, 2021; 5:15:21 PM -0500

    V3.1: 5.4 MEDIUM
    V2.0: 5.5 MEDIUM

  • CVE-2022-48618 - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is ...
    Published: January 09, 2024; 1:15:45 PM -0500

    V3.1: 7.0 HIGH

  • CVE-2021-46951 - In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46952 - In the Linux kernel, the following vulnerability has been resolved: NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds Fix shift out-of-bounds in xprt_calc_majortimeo(). This is caused by a garbage timeout (retrans) mount optio...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 7.1 HIGH

  • CVE-2021-46953 - In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 6.7 MEDIUM

  • CVE-2021-46954 - In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets when 'act_mirred' tries to fragment IPv4 packets that had been previously re-assembled using 'act_ct', spl...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 7.1 HIGH

  • CVE-2021-46948 - In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efx_channel_get_tx_queue() is inappropriate (and could return NULL, le...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46949 - In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX flush done handling We're starting from a TXQ instance number ('qid'), not a TXQ type, so efx_get_tx_queue() is inappropriate (and could r...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46950 - In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bit...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2021-46945 - In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a pan...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46947 - In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues efx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and is later used to alloc...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46942 - In the Linux kernel, the following vulnerability has been resolved: io_uring: fix shared sqpoll cancellation hangs [ 736.982891] INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds. [ 736.982897] Call Trace: [ 736.982901] schedule...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46943 - In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4...
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2021-46944 - In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imu_fmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that.
    Published: February 27, 2024; 2:04:06 PM -0500

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated March 31, 2024