Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-23617 A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafte... | 9.6 | CRITICAL | β | 0 |
| CVE-2024-23620 An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. | 8.8 | HIGH | β | 0 |
| CVE-2024-23621 A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | 10.0 | CRITICAL | β | 0 |
| CVE-2024-23622 A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with S... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-23624 A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | 9.6 | CRITICAL | β | 0 |
| CVE-2024-23625 A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the d... | 9.6 | CRITICAL | β | 0 |
| CVE-2024-23626 A command injection vulnerability exists in the βSaveSysLogParamsβ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is ... | 9.0 | CRITICAL | β | 0 |
| CVE-2024-23627 A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authenticat... | 9.0 | CRITICAL | β | 0 |
| CVE-2024-23628 A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authenti... | 9.0 | CRITICAL | β | 0 |
| CVE-2024-23629 An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. | 9.6 | CRITICAL | β | 0 |
| CVE-2024-23630 An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can ... | 9.0 | CRITICAL | β | 0 |
| CVE-2023-5933 An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary ... | 6.4 | MEDIUM | β | 0 |
| CVE-2024-0402 An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbit... | 9.9 | CRITICAL | β | 0 |
| CVE-2024-23860 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-0456 An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that th... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-21326 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 9.6 | CRITICAL | β | 0 |
| CVE-2024-21382 Microsoft Edge for Android Information Disclosure Vulnerability | 4.3 | MEDIUM | β | 0 |
| CVE-2024-21383 Microsoft Edge (Chromium-based) Spoofing Vulnerability | 3.3 | LOW | β | 0 |
| CVE-2024-21385 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 8.3 | HIGH | β | 0 |
| CVE-2024-21387 Microsoft Edge for Android Spoofing Vulnerability | 5.3 | MEDIUM | β | 0 |
| CVE-2023-5612 An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the v... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-6159 An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expre... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-48130 An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-6919 Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. | 7.5 | HIGH | β | 0 |
| CVE-2022-48622 In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani f... | 7.8 | HIGH | β | 0 |
| CVE-2024-0918 A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the ... | 7.2 | HIGH | β | 0 |
| CVE-2024-29816 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS.This issue affects Woo Viet: from n/a through 1.5.2. | 5.9 | MEDIUM | β | 0 |
| CVE-2024-0919 A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argumen... | 8.8 | HIGH | β | 0 |
| CVE-2024-0920 A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. T... | 7.2 | HIGH | β | 0 |
| CVE-2024-23856 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23857 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23858 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23859 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23861 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23862 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23863 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23864 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23865 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23866 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23867 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23868 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23869 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23870 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23871 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23872 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23873 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23874 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23875 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23876 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
| CVE-2024-23877 A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability... | 8.2 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.