CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-52893 In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gs... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52894 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unre... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52895 In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it'... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52896 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota resca... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52897 In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: do not warn on record without old_roots populated [BUG] There are some reports from the mailing list that since v6.... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52898 In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause nu... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52899 In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic wil... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52900 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to read a b-tree no... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52901 In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endp... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-43887 In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key is the same as the last tcp_ao_info. O... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52902 In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in do_mmap() error path The preallocation of the maple tree nodes may leak if the error path to "error_just... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52903 In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uri... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52905 In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and has... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52906 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a... | 7.8 | HIGH | — | 0 |
| CVE-2023-52907 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52908 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource manager might be N... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52909 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52910 In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. The value... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52911 In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU workin... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52912 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: [... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-43891 In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the fre... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-52914 In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-42783 Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-20488 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-7969 Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2021-4441 In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly us... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48901 In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48906 In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48902 In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48903 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48904 In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logi... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48905 In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48907 In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switc... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48909 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_wor... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48911 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guar... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48914 In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queue... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48916 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48920 In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48921 In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("ke... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-48922 In the Linux kernel, the following vulnerability has been resolved: riscv: fix oops caused by irqsoff latency tracer The trace_hardirqs_{on,off}() require the caller to setup frame pointer properly.... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48923 In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have al... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48936 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-7778 The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-7848 The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-38208 Microsoft Edge for Android Spoofing Vulnerability | 6.1 | MEDIUM | — | 0 |
| CVE-2024-38209 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-6502 An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-7110 An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeli... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-8041 A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importi... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-39776 Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.