Lucene search
K
CveMost viewed

369102 matches found

CVE
CVE
added 2024/02/16 12:8 a.m.4725 views

CVE-2024-0032

CVE-2024-0032 affects the Android Framework (FileSystemProvider.java, queryChildDocuments) and enables local escalation of privilege due to improper input validation. Impact is described as Elevation of Privilege with HIGH confidentiality/integrity/availability impact; exploit requires user inter...

6.8CVSS6.7AI score0.00454EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2021/01/26 12:0 a.m.4724 views

CVE-2021-3156

CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...

7.8CVSS8.3AI score0.99295EPSS
In wildExploits81References35Affected Software1
CVE
CVE
added 2024/02/15 10:31 p.m.4720 views

CVE-2023-40111

The provided documents only repeat the CVE description (MediaSessionRecord.java, possible local privilege escalation via a confused deputy) with no additional technical details, affected versions, or fixes. Public technical details are not available here; monitor for updates.

7.8CVSS7AI score0.00095EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/09/16 2:40 p.m.4719 views

CVE-2021-40438

CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x through older revisions where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...

9CVSS9.5AI score0.99999EPSS
In wildExploits5References20Affected Software1
CVE
CVE
added 2019/10/28 2:19 p.m.4719 views

CVE-2019-11043

CVE-2019-11043 affects PHP in FPM configurations where known underflow in env_path_info in fpm_main.c allows writing past buffers, enabling remote code execution. Affected versions are PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, and 7.3.x

9.8CVSS9.6AI score0.9947EPSS
In wildExploits54References28Affected Software1
CVE
CVE
added 2024/03/01 9:15 p.m.4688 views

CVE-2021-47079

CVE-2021-47079: Linux kernel platform/x86 ideapad-laptop NULL pointer dereference in dytc_cql_command (third parameter must not be NULL). The vulnerability was resolved in upstream kernel as described; attack vector LOCAL with LOW complexity and HIGH impact on availability per NVD metrics. Connec...

5.5CVSS6.5AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/16 12:8 a.m.4681 views

CVE-2024-0035

The CVE 2024-0035 entry concerns Android’s TileLifecycleManager.java, specifically onNullBinding, where a missing null check could allow launching an activity from the background. This creates a local elevation of privilege with no extra execution privileges or user interaction required. Affected...

7.8CVSS7AI score0.00119EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4679 views

CVE-2021-47048

CVE-2021-47048 affects the Linux kernel SPI driver spi-zynqmp-gqspi. The vulnerability arises when handling op->addr, where a buffer (tmpbuf) is freed and subsequently used, leading to a use-after-free. The root cause is use-after-free in zynqmp_qspi_exec_op, which can trigger Kasan warnings. ...

7.8CVSS6.8AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4679 views

CVE-2021-47032

CVE-2021-47032 concerns the Linux kernel mt76 mt7915 driver: the fix ensures the first pointer in the txp is unmapped, preventing a leak of DMA mapping entries. The patch addresses a local DMA-mapping leak in the TX path; no remote/exploit details are provided in the sources beyond the fix. CVSS ...

5.5CVSS6.4AI score0.00222EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4674 views

CVE-2021-47046

Summary (CVE-2021-47046) : In Linux kernel DRM/AMD display, the hdmi_14_process_transaction() path suffered an off-by-one read overflow due to a missing hdcp_i2c_offsets entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE. A fix added the missing entry and copied the 0x0 offset from similar code,...

7.8CVSS6.6AI score0.00245EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/20 10:1 a.m.4674 views

CVE-2023-50270

Summary: CVE-2023-50270 affects Apache DolphinScheduler and relates to session fixation. The authenticated user session remains valid after a password change, enabling potential misuse. Public references from multiple sources (Red Hat, OSV, CVE notes, Veracode analysis, GitHub advisories) converg...

6.5CVSS6.5AI score0.01306EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/05/01 1:5 p.m.4671 views

CVE-2024-27388

CVE-2024-27388 (Linux kernel SUNRPC) is a memory-leak issue in gssx_dec_option_array where creds and oa->data were not freed in error paths. Connected sources confirm the fix adds deallocation in the corresponding error-handling paths to prevent leaks. Public exploit details are not provided i...

5.5CVSS6.3AI score0.00296EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4666 views

CVE-2021-47049

CVE-2021-47049 affects the Linux kernel driver hv: vmbus. The vulnerability is a use-after-free in __vmbus_open() caused by freeing open_info without removing it from the vmbus_connection. The fix is to remove open_info from the chn_msg_list before freeing it (explicit in the advisory). Impact is...

7.8CVSS6.7AI score0.00227EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4664 views

CVE-2021-46981

CVE-2021-46981 affects the Linux kernel nbd subsystem where a NULL pointer in flush_workqueue could be dereferenced when opening /dev/nbdX and then disconnecting, leading to a kernel crash. The fix adds a guard in nbd_disconnect_and_put to check nbd->recv_workq before use. Connected advisories...

5.5CVSS5.9AI score0.0025EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4660 views

CVE-2021-47008

CVE-2021-47008 relates to the Linux kernel KVM/SVM path where GHCB is updated in SIPI handling and MSR operations. The vulnerability arises if SIPIs occur without a corresponding AP Reset Hold, risking a NULL pointer dereference when GHCB is not mapped, and similarly a potential GHCB access issue...

5.5CVSS6.4AI score0.00236EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/21 3:14 a.m.4648 views

CVE-2024-1670

CVE-2024-1670: Use-after-free in Mojo of Google Chrome/Chromium (pre-122.0.6261.57) allows remote attacker to potentially cause heap corruption via a crafted HTML page. Affected: Chromium/Chrome Mojo component; Impact: high (remote code/heap corruption) per CVSS. Mitigation: upgrade to Chromium/C...

8.8CVSS5.8AI score0.08994EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4640 views

CVE-2021-47041

The CVE-2021-47041 issue is a Linux kernel nvmet-tcp locking bug: in nvmet_tcp_state_change, a write_lock was used for TCP state changes, causing a deadlock with nvme-tcp when both run on the same system. The fix described is to stop taking a write_lock and use a read lock instead, addressing the...

5.5CVSS6.3AI score0.00181EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4636 views

CVE-2021-47024

The CVE-2021-47024 issue is in the Linux kernel vsock/virtio path, where a memory leak occurs when closing a socket due to not draining the RX queue after the socket is definitively closed. The advisory notes partial remediation via ac03046ece2b, but the proper fix is to drain the RX queue before...

5.5CVSS6.3AI score0.0025EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4635 views

CVE-2021-47025

CVE-2021-47025 affects the Linux kernel's Mediatek IOMMU driver. Root cause: mtK IOMMU runtime suspend incorrectly disables the clock if m4u_dom is null, risking a warning and unnecessary clock disable. The fix enables the clock on runtime resume and reduces clock management during init (mtk_iomm...

7.8CVSS6.5AI score0.0023EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/16 1:39 p.m.4633 views

CVE-2023-46842

CVE-2023-46842 affects the Xen hypervisor. The VULNERABILITY allows HVM guests to switch between 64-bit and other modes, enabling potential manipulation of registers used for 32-bit hypercall arguments. Translation of hypercall arguments and lax sanity checks on register high halves can trigger a...

6.5CVSS6.3AI score0.0853EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/20 9:58 a.m.4628 views

CVE-2023-49109

CVE-2023-49109 affects Apache DolphinScheduler prior to 3.2.1, described as exposure of remote code execution. Public documents align on a DolphinScheduler RCE risk and advise upgrading to version 3.2.1 to mitigate. Connected sources also reference related advisories (GHSA OSV/NVD) with similar r...

9.8CVSS8.8AI score0.02301EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/19 12:0 a.m.4628 views

CVE-2022-48625

Concerning CVE-2022-48625, the vulnerability affects Yealink Config Encrypt Tool versions prior to 1.2, which ships with a built‑in RSA key pair. This design enables potential decryption of encrypted deployment files by an adversary using the default key. The impact is a decryption risk (per the ...

7.5CVSS6.8AI score0.00444EPSS
Exploits0References1Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.4628 views

CVE-2024-53996

CVE-2024-53996 is rejected and not used; it does not represent an active vulnerability entry.

7AI score
Exploits0
CVE
CVE
added 2024/02/16 12:8 a.m.4626 views

CVE-2024-0014

CVE-2024-0014: The UpdateFetcher.java startInstall path contains a logic error that could allow a malicious config update, enabling local privilege escalation with no extra privileges and no user interaction required. This vulnerability is described across multiple sources (NVD/Red Hat/UVD enrich...

8.4CVSS7AI score0.00136EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/20 2:59 p.m.4620 views

CVE-2024-23114

CVE-2024-23114 affects the Apache Camel CassandraQL component’s AggregationRepository, where an unsafe deserialization exposes a path to remote code execution under certain conditions. The associated connected advisories confirm the issue and list affected series: Camel 3.x (3.0.0–3.21.4, and 3.2...

9.8CVSS9.2AI score0.01145EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/18 3:51 a.m.4620 views

CVE-2023-52372

CVE-2023-52372 affects Huawei HarmonyOS (including EMUI) with a vulnerability in the motor module’s input parameter verification that can cause a denial of service and affect availability. The CNVD entry corroborates a DoS impact linked to HarmonyOS/EMUI, and the NVD/NVD-derived description also ...

7.5CVSS6.7AI score0.00379EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/18 3:0 a.m.4619 views

CVE-2023-52362

Technical details about CVE-2023-52362 are not publicly provided in the supplied documents. Monitor for updates from vendors (Huawei/Red Hat/CNVD) for affected products, versions, root cause specifics, and patches.

7.5CVSS6.8AI score0.00353EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/16 12:8 a.m.4614 views

CVE-2024-0041

CVE-2024-0041 describes a race condition in SystemStatusAnimationSchedulerImpl.kt (removePersistentDot) that could allow local escalation of privilege with no extra privileges and without user interaction. Connected docs corroborate the same description across multiple feeds (NVD, Red Hat, CNVD, ...

8.4CVSS6.9AI score0.00099EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/03/01 9:15 p.m.4613 views

CVE-2021-47081

CVE-2021-47081 is rejected/not used; this CVE entry does not represent an active vulnerability.

7.8CVSS6.9AI score0.00231EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.4609 views

CVE-2024-25199

CVE-2024-25199 affects Open Robotics ROS 2 (2) and Nav2 humble, caused by an inappropriate pointer order between map_sub_ and map_free in amcl_node.cpp, leading to a use-after-free. The entry is supported by multiple sources (NVD, Red Hat, OSV, CVE lists) and notes a high-severity impact (I/H; A/...

8.1CVSS6.7AI score0.00576EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4603 views

CVE-2021-47012

CVE-2021-47012 concerns Linux kernel RDMA/siw. The connected Astra Linux advisories describe a use-after-free in siw_alloc_mr where mem is assigned to mr->mem in siw_mr_add_mem and later freed via kfree(mem) if xa_alloc_cyclic() fails, leaving mr->mem pointing to freed memory. The patch tim...

7.8CVSS6.8AI score0.00268EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.4603 views

CVE-2024-25274

CVE-2024-25274 affects Novel-Plus v4.3.0-RC1, with an arbitrary file upload vulnerability in the /sysFile/upload component that allows an attacker to execute arbitrary code. Public documentation consistently cites a crafted file upload as the exploit vector, underscoring impact on confidentiality...

9.8CVSS7.7AI score0.00783EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4602 views

CVE-2021-47051

CVE-2021-47051 affects the Linux kernel SPI driver for the Freescale/NXP fsl-lpspi. The issue is a PM (power management) reference leak in lpspi_prepare_xfer_hardware(): pm_runtime_get_sync increments the PM usage counter even when the operation fails, leading to an unbalanced reference. The fix ...

5.5CVSS6.5AI score0.00225EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4599 views

CVE-2021-47002

CVE-2021-47002 references a SUNRPC NULL pointer dereference in the Linux kernel. Issue arises when alloc_pages_node() returns null and svc_rqst_free() dereferences a null rq_scratch_page during put_page(); the patch adds a null check in the failure path (svc_rqst_alloc()) to prevent dereferencing...

5.5CVSS6.5AI score0.00236EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/15 10:31 p.m.4599 views

CVE-2023-40110

CVE-2023-40110 is tied to a heap buffer overflow in multiple MtpPacket.cpp functions, causing an out-of-bounds write that could enable local privilege escalation with user interaction required. Connected sources (NVD/Red Hat/PRION/CNNVD/Android bulletin) consistently reference MtpPacket.cpp as th...

7.8CVSS7.3AI score0.00103EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4597 views

CVE-2021-47052

CVE-2021-47052 relates to the Linux kernel crypto-sa2ul path (rxd) where two error paths failed to free the rxd buffer, causing a memory leak. The vulnerability was resolved by fixing those paths to ensure rxd is freed on error exits. The provided documents confirm the issue in the crypto: sa2ul ...

5.5CVSS6.5AI score0.00236EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/16 12:8 a.m.4578 views

CVE-2024-0031

CVE-2024-0031 affects Google Android components. The vulnerability is in the function attp_build_read_by_type_value_cmd of att_protocol.cc, where improper input validation can cause an out-of-bounds write, enabling remote code execution with no privileges and no user interaction required. The pro...

9.8CVSS7.7AI score0.00613EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/15 10:31 p.m.4578 views

CVE-2023-40107

CVE-2023-40107 concerns a use-after-free in ARTPWriter (ARTPWriter.cpp) related to uninitialized data, enabling local privilege escalation without extra user interaction. The affected component is ARTPWriter (ARTPWriter.cpp); underlying issue is use-after-free, leading to potential arbitrary code...

7.8CVSS7.1AI score0.00085EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.4573 views

CVE-2024-26866

CVE-2024-26866 (Linux kernel, spi/lpspi) : The issue arises from a use-after-free in fsl_lpspi_probe() where memory allocated with spi_alloc_host()/spi_alloc_target() is freed in probe, but later referenced by devm_spi_register_controller(), leading to a NULL dereference when the controller is un...

5.5CVSS6.5AI score0.00216EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/15 10:31 p.m.4563 views

CVE-2023-40114

CVE-2023-40114 relates to an out-of-bounds write caused by a use-after-free in MtpFfsHandle.cpp, leading to local elevation of privilege with no additional execution privileges required. Exploitation requires user interaction. The public details identify the affected area (Android-related code pa...

8.4CVSS7AI score0.00097EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/08/29 3:0 p.m.4563 views

CVE-2011-3192

CVE-2011-3192 is a DoS flaw in the Apache HTTP Server related to how Range headers are processed. In affected releases of httpd (1.3.x, 2.0.x up to 2.0.64, and 2.2.x up to 2.2.19), a remote attacker can trigger excessive memory and CPU usage by sending a Range header with multiple overlapping ran...

7.8CVSS6.3AI score0.98945EPSS
In wildExploits17References72Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.4559 views

CVE-2024-26879

CVE-2024-26879: In the Linux kernel, the issue is within the clock framework (meson/axg_clk_regmaps) where some clocks were missing, causing a NULL pointer dereference and kernel panic when reading /sys/kernel/debug/clk/clk_summary. Root cause: missing clocks in axg_clk_regmaps lead to regmap_rea...

5.5CVSS6.5AI score0.00223EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4553 views

CVE-2021-47038

CVE-2021-47038: Linux kernel Bluetooth deadlock fix. The vulnerability arose from a new dependency between socket lock and hci_dev->lock introduced by commit adding BT_PHY socket option, causing hci_conn_get_phy() to use hdev->lock while the caller holds other Bluetooth locks (possible circ...

5.5CVSS6.4AI score0.00179EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.4549 views

CVE-2024-26895

CVE-2024-26895 — Linux kernel (wifi: wilc1000) use-after-free during vif cleanup . The issue occurs when unregistering net devices while traversing the vif list, because a netdevice’s private vif data is freed (due to needs_free_netdev being set during registration) and the loop subsequently acce...

7.8CVSS6.5AI score0.00235EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.4549 views

CVE-2024-26878

In CVE-2024-26878, the Linux kernel quota NULL pointer dereference is addressed: a race between dquot_free_inode (or related) and quota_off can dereference an inode quota pointer after it is nulled. The fix uses a temporary pointer to prevent the use-after-free: if inode quota pointers are access...

4.7CVSS6.2AI score0.00189EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4548 views

CVE-2020-36785

CVE-2020-36785 concerns the Linux kernel media/atomisp subsystem. The vulnerability arises from a use-after-free in atomisp_alloc_css_stat_bufs(), where the s3a_buf is freed along with items from asd->s3a_stats, causing a double free and use-after-free condition. The initial entry indicates th...

7.8CVSS6.7AI score0.00224EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4548 views

CVE-2024-26482

The CVE-2024-26482 entry concerns Kirby CMS v4.1.0, specifically the Edit Content Layout module, with an HTML injection vulnerability. The NVD entry notes a vendor dispute over the impact, citing that some HTML formatting is allowed and backend sanitization would prevent malicious script injectio...

7.1CVSS6.8AI score0.0032EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/09 4:37 p.m.4547 views

CVE-2024-27395

The CVE-2024-27395 issue is in the Linux kernel: net/openvswitch: Use-After-Free in ovs_ct_exit due to kfree_rcu being invoked outside the RCU read lock during ovs_ct_limit_exit traversal, creating a window where the freed key may be accessed after the grace period. The published fix changes the ...

7.8CVSS6.5AI score0.00244EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2024/09/03 7:36 p.m.4546 views

CVE-2024-40667

CVE-2024-40667 is documented in the Android Automotive OS Update Bulletin as a high-severity local elevation-of-privilege affecting the System component. The issue requires no additional execution privileges and could allow an attacker to gain higher privileges on devices running AAOS. The public...

Exploits0
CVE
CVE
added 2024/02/21 6:41 a.m.4544 views

CVE-2023-42873

CVE-2023-42873 affects Apple platforms and is resolved via updated bounds checks that prevent arbitrary code execution with kernel privileges. The fixed versions include macOS Sonoma 14.1; tvOS 17.1; macOS Monterey 12.7.1; macOS Ventura 13.6.1; iOS 16.7.2 and 17.1; and iPadOS 16.7.2 and 17.1. The...

7.8CVSS7.5AI score0.00225EPSS
Exploits0References10Affected Software4
Total number of security vulnerabilities5000