The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-56588 - In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization For the current debugfs of hisi_sas, after user triggers dump, the driver allocate memory space to save the r...
  Published: December 27, 2024; 10:15:18 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-56599 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: avoid NULL pointer error during sdio remove When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_O...
  Published: December 27, 2024; 10:15:19 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-56606 - In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_...
  Published: December 27, 2024; 10:15:20 AM -0500
  V3.1: 7.8 HIGH
- CVE-2024-56623 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING f...
  Published: December 27, 2024; 10:15:21 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-56631 - In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+...
  Published: December 27, 2024; 10:15:22 AM -0500
  V3.1: 7.8 HIGH
- CVE-2024-56642 - In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_di...
  Published: December 27, 2024; 10:15:23 AM -0500
  V3.1: 7.8 HIGH
- CVE-2024-38182 - Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
  Published: July 31, 2024; 7:15:13 PM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-42107 - In the Linux kernel, the following vulnerability has been resolved: ice: Don't process extts if PTP is disabled The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel p...
  Published: July 30, 2024; 4:15:03 AM -0400
  V3.1: 4.7 MEDIUM
- CVE-2022-48884 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failu...
  Published: August 21, 2024; 3:15:04 AM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-46715 - In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying...
  Published: September 18, 2024; 3:15:03 AM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-53199 - In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-audmix: Add NULL check in imx_audmix_probe devm_kasprintf() can return a NULL pointer on failure, but this returned value in imx_audmix_probe() is not checked. Add NULL...
  Published: December 27, 2024; 9:15:27 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53200 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur whe...
  Published: December 27, 2024; 9:15:27 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53201 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commi...
  Published: December 27, 2024; 9:15:27 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53207 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker...
  Published: December 27, 2024; 9:15:28 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-53222 - In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show() LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3...
  Published: December 27, 2024; 9:15:30 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2024-5828 - Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manager: before 8.8.7-00.
  Published: August 05, 2024; 11:15:30 PM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-56541 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 and free...
  Published: December 27, 2024; 9:15:33 AM -0500
  V3.1: 7.8 HIGH
- CVE-2024-3500 - The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contribut...
  Published: May 02, 2024; 1:15:26 PM -0400
- CVE-2024-6824 - The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and inclu...
  Published: August 08, 2024; 2:15:41 AM -0400
  V3.1: 4.3 MEDIUM
- CVE-2024-3728 - The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive Circle widgets in all versions ...
  Published: May 02, 2024; 1:15:30 PM -0400