CVE | Most viewed

368410 matches found

CVE | added 2024/03/06 6:45 a.m. | 4010 views

CVE-2023-52585

The CVE-2023-52585 vulnerability affects the Linux kernel AMDGPU driver (drm/amdgpu). A NULL dereference could occur in amdgpu_ras_query_error_status_helper() when handling error info and an invalid block id; the fix returns -EINVAL for invalid block ids and prevents the NULL dereference. Affecte...

CVSS 5.5 | AI score 7.2 | EPSS 0.00282
Exploits: 0 | References: 9 | Affected Software: 1
CVE | added 2024/05/01 5:27 a.m. | 4006 views

CVE-2024-26981

CVE-2024-26981 affects the Linux kernel nilfs2 implementation. The flaw is an out-of-bounds access in nilfs_set_de_type: the index into nilfs_type_by_mode is computed as (mode & S_IFMT) >> S_SHIFT, but the array size is defined as S_IFMT >> S_SHIFT, which can produce an OOB when mode ...

CVSS 7.8 | AI score 6.1 | EPSS 0.00271
Exploits: 0 | References: 13 | Affected Software: 1
CVE | added 2024/05/01 5:19 a.m. | 4001 views

CVE-2024-26966

CVE-2024-26966 pertains to the Linux kernel clk: qcom: mmcc-apq8084 issue. The vulnerability arose because frequency table arrays were not terminated with an empty element, risking out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). The fix adds a terminating empty ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00251
Exploits: 0 | References: 11 | Affected Software: 1
CVE | added 2024/05/01 12:53 p.m. | 3999 views

CVE-2024-27038

The CVE-2024-27038 issue is a NULL dereference in clk_core_get() during hw dereferencing of clk->core. A NULL hw is produced when __clk_get_hw() returns NULL, and clk_core_get() dereferences hw->core. The fix, described in the kernel patch and reflected in Astra Linux/IBM advisories, change...

CVSS 5.5 | AI score 6.3 | EPSS 0.00292
Exploits: 0 | References: 10 | Affected Software: 1
CVE | added 2024/05/01 1:4 p.m. | 3996 views

CVE-2024-27074

The CVE-2024-27074 entry concerns a Linux kernel memory leak in the media go7007 path. Specifically, in go7007_load_encoder the bounce object (go->boot_fw) is allocated but not deallocated, and is freed later via kfree(go) after the call chain saa7134_go7007_init -> go7007_boot_encoder ->...

CVSS 5.5 | AI score 6.3 | EPSS 0.00289
Exploits: 0 | References: 11 | Affected Software: 1
CVE | added 2024/02/22 12:0 a.m. | 3994 views

CVE-2024-25850

CVE-2024-25850 affects Netis WF2780 firmware v2.1.40144. The vulnerability is a command-injection issue exploitable via the wps_ap_ssid5g parameter, with an apparent impact on confidentiality, integrity, and availability. CVSS v3.1 metrics indicate a 9.8 (CRITICAL) base score, network attack vect...

CVSS 9.8 | AI score 7.8 | EPSS 0.19074
Exploits: 1 | References: 2 | Affected Software: 1
CVE | added 2024/02/21 3:14 a.m. | 3992 views

CVE-2024-1673

CVE-2024-1673 affects Google Chrome/Chromium: a use-after-free in Accessibility in the renderer prior to 122.0.6261.57 can allow a remote attacker to potentially cause heap corruption via specific UI gestures. Affected product: Chromium/Chrome (Accessibility component) with root cause described a...

CVSS 8.8 | AI score 5.9 | EPSS 0.00795
Exploits: 1 | References: 4 | Affected Software: 1
CVE | added 2024/05/01 5:19 a.m. | 3991 views

CVE-2024-26961

CVE-2024-26961 affects the Linux kernel, related to mac802154_llsec_key_del freeing key resources outside the required RCU grace period. The issue can lead to a use-after-free when llsec_lookup_key() traverses the key list in parallel with a deletion. The provided connected documents describe the...

CVSS 7.8 | AI score 6.3 | EPSS 0.00239
Exploits: 0 | References: 9 | Affected Software: 1
CVE | added 2024/02/27 8:27 a.m. | 3990 views

CVE-2023-50379

CVE-2023-50379 affects Apache Ambari prior to 2.7.8, enabling an authenticated attacker to inject malicious code by manipulating a request and achieve root access on the cluster’s main host. The vulnerability stems from a code-injection flaw in Ambari’s request handling, with impact described as ...

CVSS 8.8 | AI score 9 | EPSS 0.01064
Exploits: 0 | References: 2 | Affected Software: 1
CVE | added 2024/05/01 1:4 p.m. | 3986 views

CVE-2024-27078

CVE-2024-27078 affects the Linux kernel component media: v4l2-tpg. The issue is a resource leak in the tpg_alloc error paths where allocated resources were not always deallocated, leading to memleaks because tpg_free was only called when tpg_alloc returned 0. The patch ensures deallocation occur...

CVSS 5.5 | AI score 6.4 | EPSS 0.00291
Exploits: 0 | References: 12 | Affected Software: 1
CVE | added 2024/02/21 3:14 a.m. | 3985 views

CVE-2024-1672

CVE-2024-1672 affects Google Chrome/Chromium CSP handling. The vulnerability arises from an inappropriate CSP policy implementation that allows bypass via a crafted HTML page. Root cause: CSP module in Chromium is improperly enforcing policy. Affected: Chrome/Chromium builds prior to 122.0.6261.5...

CVSS 8.8 | AI score 4.8 | EPSS 0.00881
Exploits: 1 | References: 4 | Affected Software: 1
CVE | added 2024/05/01 5:20 a.m. | 3982 views

CVE-2024-26974

CVE-2024-26974 affects the Linux kernel crypto/qat driver. A race during PCI AER error recovery could cause a use-after-free of the reset_data container used for completion notification after a device restart, triggering a KFENCE use-after-free notice. The fix alters memory lifetime: the containe...

CVSS 7 | AI score 6.3 | EPSS 0.00192
Exploits: 0 | References: 12 | Affected Software: 1
CVE | added 2024/05/01 1:4 p.m. | 3979 views

CVE-2024-27076

CVE-2024-27076 affects the Linux kernel in the media: imx: csc/scaler path. The root cause is a memory leak in v4l2_ctrl_handler: memory allocated in v4l2_ctrl_handler_init was not freed on release. The patch fixes this by freeing the allocated memory on release, mitigating a local-vector memory ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00289
Exploits: 0 | References: 10 | Affected Software: 1
CVE | added 2024/02/28 3:42 p.m. | 3978 views

CVE-2024-25065

CVE-2024-25065 affects Apache OFBiz. A path traversal issue allows authentication bypass. The issue impacts OFBiz versions before 18.12.12. Upgrade to 18.12.12 (or later) to fix; multiple sources (NVD, Red Hat, PRIoN, OSV) corroborate the vulnerability and fix. If applying mitigations, ensure ver...

CVSS 9.1 | AI score 9.4 | EPSS 0.47667
Exploits: 0 | References: 6 | Affected Software: 1
CVE | added 2024/02/12 5:46 p.m. | 3972 views

CVE-2022-34310

The CVE-2022-34310 issue affects IBM CICS TX Standard and Advanced 11.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Public documents confirm affected products and versions (IBM CICS TX Standard and IBM CICS TX Advanced, 11....

CVSS 7.5 | AI score 5.5 | EPSS 0.00486
Exploits: 0 | References: 3 | Affected Software: 1
CVE | added 2024/05/01 12:54 p.m. | 3962 views

CVE-2024-27044

CVE-2024-27044 affects the Linux kernel DRM/AMD display path. A NULL pointer dereference vulnerability occurs in dcn10_set_output_transfer_func() where the stream pointer is used before a NULL check, as reported in the patch note for drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn...

CVSS 5.5 | AI score 6.5 | EPSS 0.00279
Exploits: 0 | References: 9 | Affected Software: 1
CVE | added 2024/05/01 5:27 a.m. | 3957 views

CVE-2024-26989

CVE-2024-26989: Linux kernel vulnerability on arm64 hibernate (swsusp_save) caused by saving MEMBLOCK_NOMAP pages due to kernel_page_present logic mishandling when can_set_direct_map() is false. Connected docs confirm the root cause: changes to pfn_valid() logic; fix: drop the !can_set_direct_map...

CVSS 7.8 | AI score 5.9 | EPSS 0.00238
Exploits: 0 | References: 8 | Affected Software: 1
CVE | added 2019/04/10 9:4 p.m. | 3957 views

CVE-2019-11072

The issue is in lighttpd before 1.4.54 where a signed integer overflow in burl_normalize_2F_to_slash_fix could be triggered by crafted input via HTTP GET requests, potentially causing a denial of service (application crash) and possibly other impact. The vulnerability is tied to a feature introdu...

CVSS 9.8 | AI score 9.8 | EPSS 0.73762
Exploits: 1 | References: 3 | Affected Software: 1
CVE | added 2024/02/20 8:2 a.m. | 3956 views

CVE-2024-25974

OpenOlat (Frentix GmbH) OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability: authenticated users can upload SVG images via the Media Center in OpenOlat 18.1.5 and earlier, and share the uploaded files with groups (including admins), enabling JavaScript payload execution....

CVSS 5.4 | AI score 5 | EPSS 0.0055
Exploits: 3 | References: 2 | Affected Software: 1
CVE | added 2024/02/18 2:58 a.m. | 3951 views

CVE-2023-52360

CVE-2023-52360 is a Huawei HarmonyOS baseband logic vulnerability with a network-facing attack surface that can compromise service integrity. The CVSS=7.5 (HIGH) reflects potential high impact to integrity while confidentiality/availability remain unaffected per the provided metrics. Several conn...

CVSS 7.5 | AI score 6.9 | EPSS 0.00293
Exploits: 0 | References: 2 | Affected Software: 2
CVE | added 2024/05/01 12:53 p.m. | 3950 views

CVE-2023-52650

CVE-2023-52650 affects the Linux kernel's drm/tegra subsystem (dsi). The vulnerability arises from a missing check for the return value of of_find_device_by_node(), risking a NULL pointer dereference. The issue has a formal fix in the kernel: add the check and return an error when of_find_device_...

CVSS 5.5 | AI score 6.3 | EPSS 0.00304
Exploits: 0 | References: 11 | Affected Software: 1
CVE | added 2024/02/18 3:41 a.m. | 3950 views

CVE-2023-52370

CVE-2023-52370 is a stack overflow vulnerability in the network acceleration module that can lead to unauthorized file access. The NVD entry assigns a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, low attack complexity, no privileges or user interaction required, and impacts ...

CVSS 9.8 | AI score 7 | EPSS 0.00456
Exploits: 0 | References: 2 | Affected Software: 2
CVE | added 2024/05/01 1:4 p.m. | 3948 views

CVE-2024-27077

CVE-2024-27077 affects the Linux kernel via a memleak in media: v4l2-mem2mem, specifically in v4l2_m2m_register_entity where entity->name is allocated but not freed on subsequent error paths. The patch adds deallocation of entity->name in error-handling paths to prevent the leak. Public adv...

CVSS 5.5 | AI score 6.3 | EPSS 0.00289
Exploits: 0 | References: 12 | Affected Software: 1
CVE | added 2024/02/21 12:0 a.m. | 3948 views

CVE-2024-24479

CVE-2024-24479 describes a potential buffer overflow in Wireshark before 4.2.0, via wsutil/to_str.c and format_fractional_part_nsecs, which could lead to a remote DoS. The initial entry notes the vendor disputes that 4.2.0 or any release was affected, so the applicability of this CVE is contested...

CVSS 7.5 | AI score 6.5 | EPSS 0.01309
Exploits: 0 | References: 4 | Affected Software: 1
CVE | added 2024/03/21 10:43 a.m. | 3947 views

CVE-2023-52620

CVE-2023-52620 (Linux kernel) affects the nf_tables component of the Linux kernel, where the vulnerability arises from allowing a timeout parameter on anonymous sets and disallowing such parameters from userspace. The CVSS vector provided in the initial document indicates a Local, Low-severity im...

CVSS 2.5 | AI score 7.1 | EPSS 0.0024
Exploits: 0 | References: 9 | Affected Software: 1
CVE | added 2024/03/25 12:0 a.m. | 3944 views

CVE-2024-30203

CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00584
Exploits: 0 | References: 16 | Affected Software: 1
CVE | added 2024/02/23 12:0 a.m. | 3942 views

CVE-2024-25730

The CVE-2024-25730 issue affects Hitron CODA-4582 and CODA-4589 devices where default PSKs are derived from a 5-digit hex value concatenated with the string “Hitron,” producing very low entropy (roughly one million possibilities). This has been documented across multiple sources (NVD, Red Hat, CN...

CVSS 9.8 | AI score 6.8 | EPSS 0.00864
Exploits: 0 | References: 7 | Affected Software: 1
CVE | added 2024/12/15 10:56 a.m. | 3941 views

CVE-2024-7701

CVE-2024-7701 concerns Percona Toolkit 3.6.0, where use of a password hash with insufficient computational effort enables encryption brute-forcing. The available sources identify the affected component (percona-toolkit 3.6.0) and the general vulnerability class, but do not provide deeper root-ca...

CVSS 7.5 | AI score 6.7 | EPSS 0.002
Exploits: 0 | References: 1 | Affected Software: 1
CVE | added 2024/05/01 12:54 p.m. | 3941 views

CVE-2024-27046

CVE-2024-27046 is a Linux kernel vulnerability affecting the nfp: flower path. The issue occurs when kmalloc_array() in nfp_fl_lag_do_work() returns NULL under memory pressure, which can lead to a NULL pointer dereference when accessing acti_netdevs. The accompanying patch adds a check for alloca...

CVSS 5.5 | AI score 6.1 | EPSS 0.00297
Exploits: 0 | References: 11 | Affected Software: 1
CVE | added 2024/03/19 12:2 p.m. | 3939 views

CVE-2024-2611

CVE-2024-2611 describes a clickjacking-type vulnerability in Firefox and Thunderbird where a missing delay in pointer lock handling could trick a user into granting permissions. Affected products include Firefox (versions before 124 and ESR before 115.9) and Thunderbird (before 115.9). Connected ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00609
Exploits: 1 | References: 6 | Affected Software: 2
CVE | added 2024/02/21 12:0 a.m. | 3938 views

CVE-2024-24478

Wireshark CVE-2024-24478 concerns a remote denial-of-service in Wireshark before 4.2.0 via the BGP dissector (packet-bgp.c, dissect_bgp_open). The issue is reported to affect the BGP Open handling, with an alleged vulnerability path through optlen, leading to resource exhaustion. Several connecte...

CVSS 7.5 | AI score 6.5 | EPSS 0.00979
Exploits: 0 | References: 3 | Affected Software: 1
CVE | added 2024/05/23 7:3 a.m. | 3937 views

CVE-2024-36012

CVE-2024-36012 affects the Linux kernel Bluetooth stack (msft): slab-use-after-free in msft_do_close() when msft_data is freed in msft_unregister via hci_release_dev(). The fix ties msft_data lifetime to hdev and frees it in hci_release_dev(), preventing use-after-free in msft->filter_lock. Af...

CVSS 7.8 | AI score 6.7 | EPSS 0.00212
Exploits: 0 | References: 4 | Affected Software: 1
CVE | added 2024/02/27 12:0 a.m. | 3933 views

CVE-2024-24720

Affected software: Innovaphone PBX prior to version 14r1. Vulnerability: The Forgot password function leaks user existence information and provides divergent responses to requests, enabling information disclosure. Root cause (as described): Response behavior differences reveal whether a user exis...

CVSS 5.3 | AI score 6.6 | EPSS 0.0047
Exploits: 0 | References: 3 | Affected Software: 1
CVE | added 2021/10/14 4:16 a.m. | 3930 views

CVE-2021-40854

Product/affected: AnyDesk Desktop (Windows). Vulnerability: Local privilege escalation via the Open Chat Log feature, which can launch a privileged Notepad process to spawn other applications. Root cause: Privilege escalation path through a trusted UI component enabling elevated process creation....

CVSS 7.8 | AI score 7.3 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
CVE | added 2024/12/19 4:11 p.m. | 3929 views

CVE-2024-12801

CVE-2024-12801 describes a Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback up to 1.5.12 on the Java platform, enabling forging requests via compromised XML configuration via modification of the DOCTYPE declaration. The connected IBM Security Bulletin for this CVE lists af...

CVSS 2.4 | AI score 6.3 | EPSS 0.00221
Exploits: 0 | References: 2
CVE | added 2024/02/28 8:13 a.m. | 3924 views

CVE-2021-47006

CVE-2021-47006 relates to the ARM hw_breakpoint path in the Linux kernel. The issue arises from perf_event_alloc() setting a default event->overflow_handler and replacing the overflow_handler check with is_default_overflow_handler(), but one condition remains missing: bp->overflow_handler m...

CVSS 5.5 | AI score 6.1 | EPSS 0.00253
Exploits: 0 | References: 8 | Affected Software: 1
CVE | added 2024/02/20 12:0 a.m. | 3919 views

CVE-2024-25198

CVE-2024-25198 affects Open Robotics ROS 2 and Nav2 humble. The issue is an incorrect pointer order in amcl_node.cpp: laser_scan_filter_.reset() is called before tf_listener_.reset(), causing a use-after-free. Connected documents point to the Nav2/amcl changes and related GitHub PRs (e.g., naviga...

CVSS 9.1 | AI score 6.7 | EPSS 0.0071
Exploits: 2 | References: 3 | Affected Software: 1
CVE | added 2024/05/01 12:54 p.m. | 3916 views

CVE-2024-27051

CVE-2024-27051 centers on the Linux kernel’s cpufreq/brcmstb-avs-cpufreq code. The underlying issue is that cpufreq_cpu_get could return NULL, risking a NULL dereference. The fix adds a check and returns 0 on error, as described in the advisory lines: “cpufreq_cpu_get may return NULL. To avoid NU...

CVSS 5.5 | AI score 6.5 | EPSS 0.00275
Exploits: 0 | References: 8 | Affected Software: 1
CVE | added 2024/02/27 12:0 a.m. | 3916 views

CVE-2023-41506

CVE-2023-41506 affects the Student Enrollment In PHP software (v1.0). The vulnerability is an arbitrary file upload in the Update/Edit Student’s Profile Picture function, enabling code execution by uploading a crafted PHP file. Public sources describe it as a critical issue (CVSS v3.1: 9.8, high ...

CVSS 9.8 | AI score 7.7 | EPSS 0.00882
Exploits: 0 | References: 1 | Affected Software: 1
CVE | added 2024/05/01 5:19 a.m. | 3914 views

CVE-2024-26969

In CVE-2024-26969, the Linux kernel clk: qcom: gcc-ipq8074 fix terminates frequency table arrays by adding an empty element at the end. Missing termination could cause out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). The issue is fixed in the kernel code and only...

CVSS 5.5 | AI score 6.4 | EPSS 0.00249
Exploits: 0 | References: 11 | Affected Software: 1
CVE | added 2010/12/23 5:0 p.m. | 3910 views

CVE-2010-3972

Summary (CVE-2010-3972): A heap-based buffer overflow in the FTP service of Microsoft IIS (ftpsvc.dll) on IIS 7.0/7.5 enables remote code execution or DoS via a crafted FTP command. Affects Microsoft IIS FTP Service; root cause is improper handling of Telnet IAC data in TELNET_STREAM_CONTEXT::OnS...

CVSS 10 | AI score 8.2 | EPSS 0.94534
Exploits: 3 | References: 10 | Affected Software: 1
CVE | added 2024/05/23 7:3 a.m. | 3909 views

CVE-2024-36011

CVE-2024-36011 affects the Linux kernel where the Bluetooth HCI code could dereference a NULL pointer in hci_le_big_sync_established_evt(). The vulnerability is local (per CVSS vector: AV:L, AC:L, PR:L, UI:N) with a MEDIUM base score of 5.5 and an ADMIN/availability impact of HIGH. The connected ...

CVSS 5.5 | AI score 6.7 | EPSS 0.0021
Exploits: 0 | References: 3 | Affected Software: 1
CVE | added 2024/03/01 12:0 a.m. | 3905 views

CVE-2024-27355

CVE-2024-27355 affects phpseclib when parsing the ASN.1 certificate OID, where a crafted sub-identifier can cause a denial of service due to excessive CPU usage during decodeOID. Affected versions are 1.x < 1.0.23, 2.x < 2.0.47, and 3.x

CVSS 7.5 | AI score 7.2 | EPSS 0.00569
Exploits: 0 | References: 4 | Affected Software: 1
CVE | added 2018/09/05 10:0 p.m. | 3904 views

CVE-2018-16550

CVE-2018-16550 affects TeamViewer 10.x–13.x. A remote attacker can bypass the brute‑force authentication protection by skipping the Cancel step, making it easier to determine the default 4‑digit PIN. The vulnerability is documented with a CVSS v3 base score of 9.8 (CRITICAL) and vector AV:N/AC:L/...

CVSS 9.8 | AI score 9.5 | EPSS 0.03576
Exploits: 0 | References: 1 | Affected Software: 1
CVE | added 2024/05/01 12:53 p.m. | 3902 views

CVE-2024-27030

CVE-2024-27030 – Verified in connected advisories: the issue is fixed in the Linux kernel by introducing separate interrupt handlers for octeontx2-af, addressing a race condition where PF→AF and VF→AF interrupt vectors used the same handler, causing two CPUs to handle the same event and corrupt d...

CVSS 6.3 | AI score 6.5 | EPSS 0.00203
Exploits: 0 | References: 9 | Affected Software: 1
CVE | added 2022/05/05 4:18 p.m. | 3895 views

CVE-2022-1388

CVE-2022-1388 affects F5 BIG-IP iControl REST authentication. Affected: BIG-IP 16.1.x before 16.1.2.2; 15.1.x before 15.1.5.1; 14.1.x before 14.1.4.6; 13.1.x before 13.1.5; and all 12.1.x and 11.6.x. Root cause per CNVD/CISA: authentication bypass via iControl REST, enabling unauthenticated acces...

CVSS 9.8 | AI score 9.7 | EPSS 0.99956
In wild | Exploits: 63 | References: 6 | Affected Software: 11
CVE | added 2024/02/22 12:0 a.m. | 3887 views

CVE-2024-25828

CMSEasy v7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. From the documents: vulnerable component is the file lib/admin/template_admin.php; impact is arbitrary file deletion with no confidentiality impact but potential integrity/availability effects; attack v...

CVSS 4.9 | AI score 6.9 | EPSS 0.00614
Exploits: 1 | References: 1 | Affected Software: 1
CVE | added 2024/05/01 5:19 a.m. | 3886 views

CVE-2024-26958

CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...

CVSS 7.8 | AI score 6.7 | EPSS 0.00244
Exploits: 0 | References: 10 | Affected Software: 1
CVE | added 2024/02/23 12:0 a.m. | 3866 views

CVE-2024-22988

CVE-2024-22988 – ZKTeco ZKBio WDMS: Affects ZKBio WDMS prior to 9.0.2 Build 20250526. The vulnerability allows an attacker to download a database backup via the /files/backup/ component because the backup filename is based on a predictable timestamp, enabling unauthorized access to backups. Red ...

CVSS 9.8 | AI score 9.3 | EPSS 0.00815
Exploits: 0 | References: 4 | Affected Software: 1
CVE | added 2024/05/01 12:54 p.m. | 3864 views

CVE-2024-27047

CVE-2024-27047 affects the Linux kernel: net: phy: fix phy_get_internal_delay accessing an empty array. The issue occurs when a driver calls phy_get_internal_delay without defining delay_values and rx-/tx-internal-delay-ps is 0 in device-tree, risking a NULL pointer dereference and kernel oops. A...

CVSS 5.5 | AI score 6.1 | EPSS 0.00281
Exploits: 0 | References: 9 | Affected Software: 1
Total number of security vulnerabilities: 5000