

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2015-10107 - A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remo...
    Published: May 30, 2023; 11:15:09 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-38429 - An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.
    Published: July 17, 2023; 8:15:09 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-38430 - An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
    Published: July 17, 2023; 8:15:09 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2017-20158 - ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of ...
    Published: December 31, 2022; 6:15:08 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-49004 - An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter.
    Published: December 19, 2023; 5:15:08 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-50976 - Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.
    Published: December 17, 2023; 7:15:11 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-41359 - An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
    Published: August 29, 2023; 12:15:16 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2023-41360 - An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
    Published: August 29, 2023; 12:15:16 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2023-41358 - An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
    Published: August 29, 2023; 12:15:16 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-38802 - FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
    Published: August 29, 2023; 12:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-41909 - An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
    Published: September 05, 2023; 3:15:14 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-32726 - The vulnerability is caused by an improper check that RDLENGTH does not overflow the buffer in the response from the DNS server.
    Published: December 18, 2023; 5:15:06 AM -0500

    V3.1: 8.1 HIGH

  • CVE-2023-40374 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
    Published: October 16, 2023; 7:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-38719 - IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.
    Published: October 16, 2023; 8:15:10 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2023-40372 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.
    Published: October 16, 2023; 8:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-40373 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.
    Published: October 16, 2023; 8:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-38720 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.
    Published: October 16, 2023; 5:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-38728 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.
    Published: October 16, 2023; 6:15:11 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-38740 - IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.
    Published: October 16, 2023; 6:15:12 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-30987 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.
    Published: October 16, 2023; 5:15:10 PM -0400

    V3.1: 7.5 HIGH