NVD

NOTICE UPDATED - April, 25th 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.

New 2.0 APIs

Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2024-5274 - Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: May 28, 2024; 11:15:10 AM -0400

V3.1: 8.8 HIGH
CVE-2024-20360 - A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the w... read CVE-2024-20360
Published: May 22, 2024; 2:15:09 PM -0400

V3.1: 8.8 HIGH
CVE-2024-35997 - In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C ... read CVE-2024-35997
Published: May 20, 2024; 6:15:13 AM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52827 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an unexpected value in case errors happen, so add val... read CVE-2023-52827
Published: May 21, 2024; 12:15:20 PM -0400

V3.1: 7.1 HIGH
CVE-2023-52821 - In the Linux kernel, the following vulnerability has been resolved: drm/panel: fix a possible null pointer dereference In versatile_panel_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointe... read CVE-2023-52821
Published: May 21, 2024; 12:15:20 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52817 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal n... read CVE-2023-52817
Published: May 21, 2024; 12:15:19 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52815 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vkms: fix a possible null pointer dereference In amdgpu_vkms_conn_get_modes(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a NULL point... read CVE-2023-52815
Published: May 21, 2024; 12:15:19 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52814 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, so add check before using.
Published: May 21, 2024; 12:15:19 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52809 - In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of fc_rport_create() which can return NULL and wo... read CVE-2023-52809
Published: May 21, 2024; 12:15:19 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52806 - In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign... read CVE-2023-52806
Published: May 21, 2024; 12:15:18 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52802 - In the Linux kernel, the following vulnerability has been resolved: iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() of_match_device() may fail and returns a NULL pointer. In practice there is no known reasonable way ... read CVE-2023-52802
Published: May 21, 2024; 12:15:18 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52783 - In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer When the device uses a custom subsystem vendor ID, the function wx_sw_init() returns before the memory of 'wx->mac_table' is a... read CVE-2023-52783
Published: May 21, 2024; 12:15:17 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52773 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly checks both the link type and whether there is some... read CVE-2023-52773
Published: May 21, 2024; 12:15:16 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52772 - In the Linux kernel, the following vulnerability has been resolved: af_unix: fix use-after-free in unix_stream_read_actor() syzbot reported the following crash [1] After releasing unix socket lock, u->oob_skb can be changed by another thread. W... read CVE-2023-52772
Published: May 21, 2024; 12:15:16 PM -0400

V3.1: 7.8 HIGH
CVE-2023-52769 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix htt mlo-offset event locking The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was... read CVE-2023-52769
Published: May 21, 2024; 12:15:16 PM -0400

V3.1: 7.8 HIGH
CVE-2023-52760 - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_s... read CVE-2023-52760
Published: May 21, 2024; 12:15:15 PM -0400

V3.1: 7.8 HIGH
CVE-2023-52753 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator [Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL derefer... read CVE-2023-52753
Published: May 21, 2024; 12:15:14 PM -0400

V3.1: 5.5 MEDIUM
CVE-2023-52752 - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_sh... read CVE-2023-52752
Published: May 21, 2024; 12:15:14 PM -0400

V3.1: 7.8 HIGH
CVE-2024-36008 - In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees.... read CVE-2024-36008
Published: May 20, 2024; 6:15:14 AM -0400

V3.1: 5.5 MEDIUM
CVE-2024-35990 - In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ ... read CVE-2024-35990
Published: May 20, 2024; 6:15:13 AM -0400

V3.1: 5.5 MEDIUM

Created September 20, 2022 , Updated April 25, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: