Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-42461 In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. | 9.1 | CRITICAL | β | 0 |
| CVE-2023-53052 In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umou... | 7.8 | HIGH | β | 0 |
| CVE-2024-38876 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (A... | 7.8 | HIGH | β | 0 |
| CVE-2024-38877 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (N... | 8.2 | HIGH | β | 0 |
| CVE-2024-38878 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow aut... | 7.2 | HIGH | β | 0 |
| CVE-2024-38879 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system expose... | 7.5 | HIGH | β | 0 |
| CVE-2024-7314 anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrar... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-33892 Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in versi... | 7.5 | HIGH | β | 0 |
| CVE-2024-33893 Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-33895 Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is no... | 6.6 | MEDIUM | β | 0 |
| CVE-2024-33896 Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s3... | 7.2 | HIGH | β | 0 |
| CVE-2024-7395 An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.This issue affects JetPort 5601v3: through 1.2. | N/A | NONE | β | 0 |
| CVE-2024-7396 Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2. | N/A | NONE | β | 0 |
| CVE-2024-7397 Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2. | N/A | NONE | β | 0 |
| CVE-2024-7409 A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server i... | N/A | NONE | β | 0 |
| CVE-2024-41376 dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. | 8.8 | HIGH | β | 0 |
| CVE-2024-43884 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43889 In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43890 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, n... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43892 In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many sm... | 4.7 | MEDIUM | β | 0 |
| CVE-2024-43893 In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uar... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43894 In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_d... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43897 In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csum_start and offset in virtio_net_hdr Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for G... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43900 In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason ... | 7.8 | HIGH | β | 0 |
| CVE-2024-43902 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43904 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and '... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43907 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43908 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43909 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to functi... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43911 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamicall... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-43912 In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-22670 Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking H... | N/A | NONE | β | 0 |
| CVE-2024-43914 In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44931 In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44934 In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port syzbot hit a use-after-free[1] which is caused because the brid... | 7.8 | HIGH | β | 0 |
| CVE-2024-44935 In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reusepo... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44938 In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift e... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-8167 A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile le... | 7.3 | HIGH | β | 0 |
| CVE-2024-8168 A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The mani... | 7.3 | HIGH | β | 0 |
| CVE-2024-8169 A vulnerability was found in code-projects Online Quiz Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file signupuser.php. The manipulation of the... | 7.3 | HIGH | β | 0 |
| CVE-2024-43802 Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left ... | 4.5 | MEDIUM | β | 0 |
| CVE-2024-35368 FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-45896 ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts ... | 7.1 | HIGH | β | 0 |
| CVE-2024-8250 NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file | 7.8 | HIGH | β | 0 |
| CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | 7.5 | HIGH | β | 0 |
| CVE-2024-45491 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 | CRITICAL | β | 0 |
| CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 | CRITICAL | β | 0 |
| CVE-2025-68042 Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a thro... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-44944 In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-44946 In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A bui... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.