NOTICE UPDATED - April 25th, 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-4071 - A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to SQL injection....
    Published: April 23, 2024; 6:15:07 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4072 - A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site s...
    Published: April 23, 2024; 7:15:49 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-29472 - OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.
    Published: March 20, 2024; 5:15:32 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-29471 - OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.
    Published: March 20, 2024; 5:15:32 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-34311 - IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.
    Published: February 12, 2024; 2:15:09 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-34309 - IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440.
    Published: February 12, 2024; 2:15:08 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-39683 - Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.
    Published: February 09, 2024; 2:15:59 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-26584 - In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can retu...
    Published: February 21, 2024; 10:15:09 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-52455 - In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't setup the framebuffers, their address and size are 0 in "iommu-addresses" property. If IOVA region...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-52456 - In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TX_EN pin. ...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-52457 - In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error ...
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-52460 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2 support.
    Published: February 23, 2024; 10:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-48655 - In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interf...
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-48658 - In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ ...
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-48659 - In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather than trigg...
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48660 - In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below command gpiomon --num-events=3 --rising-edge gpi...
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48661 - In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated string array is left unfreed. Free it on error path.
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48662 - In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection i915_perf assumes that it can use the i915_gem_context reference to protect its i915->gem.contexts.list iter...
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-20358 - A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary comman...
    Published: April 24, 2024; 4:15:07 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2024-20313 - A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerabil...
    Published: April 24, 2024; 5:15:46 PM -0400

    V3.1: 7.4 HIGH

Created September 20, 2022, Updated April 25, 2024