An official website of the United States government

NOTICE UPDATED - April 25th, 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-26912 - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix several DMA buffer leaks Nouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several of these buffers are never dealloced. Some of them can be deall... read CVE-2024-26912
    Published: April 17, 2024; 12:15:07 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26911 - In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the pr... read CVE-2024-26911
    Published: April 17, 2024; 12:15:07 PM -0400

    V3.1: 3.3 LOW

  • CVE-2024-26910 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa... read CVE-2024-26910
    Published: April 17, 2024; 12:15:07 PM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2023-52645 - In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequen... read CVE-2023-52645
    Published: April 17, 2024; 12:15:07 PM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2024-1111 - A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross... read CVE-2024-1111
    Published: January 31, 2024; 2:15:08 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2020-12101 - The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.
    Published: April 30, 2020; 10:15:12 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2023-48795 - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a clien... read CVE-2023-48795
    Published: December 18, 2023; 11:15:10 AM -0500

    V3.1: 5.9 MEDIUM

  • CVE-2024-26586 - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group ... read CVE-2024-26586
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 6.7 MEDIUM

  • CVE-2013-6381 - Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a lengt... read CVE-2013-6381
    Published: November 26, 2013; 11:43:33 PM -0500

    V2.0: 6.9 MEDIUM

  • CVE-2023-6683 - A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leadin... read CVE-2023-6683
    Published: January 12, 2024; 2:15:11 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-4759 - Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this rep... read CVE-2023-4759
    Published: September 12, 2023; 6:15:29 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-1153 - The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilt... read CVE-2022-1153
    Published: April 25, 2022; 12:16:08 PM -0400

    V3.1: 4.8 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2019-3900 - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A gue... read CVE-2019-3900
    Published: April 25, 2019; 11:29:00 AM -0400

    V3.1: 7.7 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2007-6420 - Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
    Published: January 11, 2008; 7:46:00 PM -0500

    V2.0: 4.3 MEDIUM

  • CVE-2022-46337 - A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could ... read CVE-2022-46337
    Published: November 20, 2023; 4:15:07 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2012-0507 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availabili... read CVE-2012-0507
    Published: June 07, 2012; 6:55:17 PM -0400

    V2.0: 10.0 HIGH

  • CVE-2013-0431 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "... read CVE-2013-0431
    Published: January 31, 2013; 9:55:01 AM -0500

    V2.0: 5.0 MEDIUM

  • CVE-2013-2465 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrit... read CVE-2013-2465
    Published: June 18, 2013; 6:55:02 PM -0400

    V2.0: 10.0 HIGH

  • CVE-2013-2423 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information... read CVE-2013-2423
    Published: April 17, 2013; 2:55:07 PM -0400

    V2.0: 4.3 MEDIUM

  • CVE-2012-5076 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
    Published: October 16, 2012; 5:55:02 PM -0400

    V2.0: 10.0 HIGH

Created September 20, 2022, Updated April 25, 2024