NOTICE UPDATED - April 25th, 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-26883 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by check...
    Published: April 17, 2024; 7:15:10 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-26884 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checkin...
    Published: April 17, 2024; 7:15:10 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-26885 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates a number hash buckets equal to the next power of two of the max_entries value provided when creati...
    Published: April 17, 2024; 7:15:10 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-37397 - IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.
    Published: April 19, 2024; 1:15:51 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2023-27279 - IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533.
    Published: April 19, 2024; 1:15:51 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-40745 - IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.
    Published: April 19, 2024; 1:15:51 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-50811 - An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to acc...
    Published: March 19, 2024; 6:15:06 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-25007 - Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There...
    Published: April 04, 2024; 3:15:07 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2024-26909 - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironica...
    Published: April 17, 2024; 7:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26908 - In the Linux kernel, the following vulnerability has been resolved: x86/xen: Add some null pointer checking to smp.c kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successf...
    Published: April 17, 2024; 7:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26907 - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->i...
    Published: April 17, 2024; 7:15:11 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-26904 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve At btrfs_use_block_rsv() we read the size of a block reserve without locking its spinlock, which makes...
    Published: April 17, 2024; 7:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26903 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. B...
    Published: April 17, 2024; 7:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26902 - In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when ru...
    Published: April 17, 2024; 7:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26901 - In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following repor...
    Published: April 17, 2024; 7:15:10 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26900 - In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff888...
    Published: April 17, 2024; 7:15:10 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26899 - In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between bd_link_disk_holder and partition scan 'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder(), it is used ...
    Published: April 17, 2024; 7:15:10 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26898 - In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (Ao...
    Published: April 17, 2024; 7:15:10 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-26913 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and cause Underflow/Corruption issue. [how] Add ...
    Published: April 17, 2024; 12:15:08 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-26912 - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix several DMA buffer leaks Nouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several of these buffers are never dealloced. Some of them can be deall...
    Published: April 17, 2024; 12:15:07 PM -0400

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated April 25, 2024