web.nvd.nist.govNVD - National Vulnerability Database

You are viewing this page in an unauthorized frame window. This is a potential security issue, you are being redirected to https://nvd.nist.gov You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality. An official website of the United States government Here’s how you know Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. NVD MENU General Expand or Collapse NVD Dashboard News FAQ Visualizations Legal Disclaimer Vulnerabilities Expand or Collapse Search & Statistics Weakness Types Legacy Data Feeds Vendor Comments CVMAP Vulnerability Metrics Expand or Collapse CVSS v3.x Calculators CVSS v2.0 Calculator Products Expand or Collapse CPE Dictionary CPE Search CPE Statistics SWID Developers Expand or Collapse Start Here Request an API Key Vulnerabilities Products Data Sources Terms of Use Contact NVD Other Sites Expand or Collapse Checklist (NCP) Repository Configurations (CCE) 800-53 Controls SCAP Validated Tools SCAP USGCB Search Expand or Collapse Vulnerability Search CPE Search Information Technology Laboratory National Vulnerability Database National Vulnerability Database NVD General Expand or Collapse NVD Dashboard News FAQ Visualizations Legal Disclaimer Vulnerabilities Expand or Collapse Search & Statistics Weakness Types Legacy Data Feeds Vendor Comments CVMAP Vulnerability Metrics Expand or Collapse CVSS v3.x Calculators CVSS v2.0 Calculator Products Expand or Collapse CPE Dictionary CPE Search CPE Statistics SWID Developers Expand or Collapse Start Here Request an API Key Vulnerabilities Products Data Sources Terms of Use Contact NVD Other Sites Expand or Collapse Checklist (NCP) Repository Configurations (CCE) 800-53 Controls SCAP Validated Tools SCAP USGCB Search Expand or Collapse Vulnerability Search CPE Search NOTICE UPDATED - April, 25th 2024 NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts. New 2.0 APIs Change Timeline New Parameters The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics. For information on how to the cite the NVD, including the database’s Digital Object Identifier (DOI), please consult NIST’s Public Data Repository . Legal Disclaimer: Here is where you can read the NVD legal disclaimer . Last 20 Scored Vulnerability IDs & Summaries CVSS Severity CVE-2024-31497 - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user’s NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is ... read CVE-2024-31497 Published: April 15, 2024; 4:15:11 PM -0400 V3.1: 5.9 MEDIUM CVE-2024-29988 - SmartScreen Prompt Security Feature Bypass Vulnerability Published: April 09, 2024; 1:16:01 PM -0400 V3.1: 8.8 HIGH CVE-2024-4071 - A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection.... read CVE-2024-4071 Published: April 23, 2024; 6:15:07 PM -0400 V3.1: 8.8 HIGH CVE-2024-4072 - A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site s... read CVE-2024-4072 Published: April 23, 2024; 7:15:49 PM -0400 V3.1: 5.4 MEDIUM CVE-2024-29472 - OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. Published: March 20, 2024; 5:15:32 PM -0400 V3.1: 5.4 MEDIUM CVE-2024-29471 - OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. Published: March 20, 2024; 5:15:32 PM -0400 V3.1: 5.4 MEDIUM CVE-2022-34311 - IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user’s session due to insufficiently protected credentials. IBM X-Force ID: 229446. Published: February 12, 2024; 2:15:09 PM -0500 V3.1: 4.3 MEDIUM CVE-2022-34309 - IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. Published: February 12, 2024; 2:15:08 PM -0500 V3.1: 7.5 HIGH CVE-2023-39683 - Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version. Published: February 09, 2024; 2:15:59 AM -0500 V3.1: 6.1 MEDIUM CVE-2024-26584 - In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we’re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can retu... read CVE-2024-26584 Published: February 21, 2024; 10:15:09 AM -0500 V3.1: 5.5 MEDIUM CVE-2023-52455 - In the Linux kernel, the following vulnerability has been resolved: iommu: Don’t reserve 0-length IOVA region When the bootloader/firmware doesn’t setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region... read CVE-2023-52455 Published: February 23, 2024; 10:15:08 AM -0500 V3.1: 7.8 HIGH CVE-2023-52456 - In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TX_EN pin. ... read CVE-2023-52456 Published: February 23, 2024; 10:15:08 AM -0500 V3.1: 5.5 MEDIUM CVE-2023-52457 - In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don’t skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error ... read CVE-2023-52457 Published: February 23, 2024; 10:15:08 AM -0500 V3.1: 7.8 HIGH CVE-2023-52460 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don’t use it to look for DML2 support. Published: February 23, 2024; 10:15:08 AM -0500 V3.1: 5.5 MEDIUM CVE-2022-48655 - In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interf... read CVE-2022-48655 Published: April 28, 2024; 9:15:07 AM -0400 V3.1: 7.8 HIGH CVE-2022-48658 - In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ ... read CVE-2022-48658 Published: April 28, 2024; 9:15:07 AM -0400 V3.1: 7.8 HIGH CVE-2022-48659 - In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to...