CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-49908 A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A spec... | 7.2 | HIGH | — | 0 |
| CVE-2023-49909 A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A spec... | 7.2 | HIGH | — | 0 |
| CVE-2023-49910 A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A spec... | 7.2 | HIGH | — | 0 |
| CVE-2024-31871 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IB... | 7.5 | HIGH | — | 0 |
| CVE-2023-49911 A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A spec... | 7.2 | HIGH | — | 0 |
| CVE-2023-49912 A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A spec... | 7.2 | HIGH | — | 0 |
| CVE-2023-49913 A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A spec... | 7.2 | HIGH | — | 0 |
| CVE-2024-31864 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC d... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69407 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion. This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2009-2451 Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year paramet... | N/A | NONE | — | 0 |
| CVE-2023-2794 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is ... | 8.1 | HIGH | — | 0 |
| CVE-2024-2243 A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and t... | 7.6 | HIGH | — | 0 |
| CVE-2024-31309 HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new s... | 7.5 | HIGH | — | 0 |
| CVE-2025-26377 A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HT... | 8.1 | HIGH | — | 0 |
| CVE-2024-31872 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation.... | 7.5 | HIGH | — | 0 |
| CVE-2024-31873 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID... | 7.5 | HIGH | — | 0 |
| CVE-2024-31874 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. | 6.2 | MEDIUM | — | 0 |
| CVE-2024-3566 A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47183 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstandin... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47193 In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during dr... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-1481 A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-29483 eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source po... | 7.0 | HIGH | — | 0 |
| CVE-2023-49528 Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_st... | 8.0 | HIGH | — | 0 |
| CVE-2020-8006 The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio bin... | 8.8 | HIGH | — | 0 |
| CVE-2024-3704 SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or ev... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-3705 Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modi... | 8.8 | HIGH | — | 0 |
| CVE-2024-3706 Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials a... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-3707 Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-26817 In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might o... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-3774 aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-32489 TCPDF before 6.7.4 mishandles calls that use HTML syntax. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-31497 In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-3575 Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb | 6.1 | MEDIUM | — | 0 |
| CVE-2024-21057 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privi... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-21070 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vu... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-39367 An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execut... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-40146 A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and e... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-43491 An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a discl... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-45209 An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-45744 A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration... | 8.3 | HIGH | — | 0 |
| CVE-2024-31578 FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | 7.5 | HIGH | — | 0 |
| CVE-2024-31031 An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. | 7.5 | HIGH | — | 0 |
| CVE-2024-31581 FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behav... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4235 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scena... | 8.1 | HIGH | — | 0 |
| CVE-2024-31582 FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause unde... | 7.8 | HIGH | — | 0 |
| CVE-2023-4232 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenar... | 8.1 | HIGH | — | 0 |
| CVE-2023-4233 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attac... | 8.1 | HIGH | — | 0 |
| CVE-2023-4234 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenar... | 8.1 | HIGH | — | 0 |
| CVE-2024-30920 Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | 7.4 | HIGH | — | 0 |
| CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument.... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.