Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-26998 In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uart_tty_port_shutdown() under... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-26999 In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be b... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27012 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcount... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27002 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27003 In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clk_summary Similar to the previous commit, we should make sure that all devices are r... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27006 In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() The count field in struct trip_stats, representing the ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27007 In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected ch... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27009 In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online... | 4.7 | MEDIUM | β | 0 |
| CVE-2024-27014 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are ca... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27015 In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the ppp... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27016 In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Vali... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27017 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in prog... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27018 In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mo... | 7.8 | HIGH | β | 0 |
| CVE-2024-27019 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(... | 4.7 | MEDIUM | β | 0 |
| CVE-2024-27020 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_g... | 7.0 | HIGH | β | 0 |
| CVE-2024-27021 In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on mod... | 7.8 | HIGH | β | 0 |
| CVE-2009-2455 Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: t... | N/A | NONE | β | 0 |
| CVE-2024-27056 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: ensure offloading TID queue exists The resume code path assumes that the TX queue for the offloading TID has b... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27072 In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-4058 Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | HIGH | β | 0 |
| CVE-2024-4059 Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High) | 6.5 | MEDIUM | β | 0 |
| CVE-2024-4060 Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 6.5 | MEDIUM | β | 0 |
| CVE-2024-51566 The NVMe driver queue processing is vulernable to guest-induced infinite loops. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-47212 A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malic... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49606 A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, whi... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-30251 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp serve... | 7.5 | HIGH | β | 0 |
| CVE-2024-34402 An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. | 8.6 | HIGH | β | 0 |
| CVE-2024-34403 An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-27349 BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affect... | 8.0 | HIGH | β | 0 |
| CVE-2023-40477 RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ... | N/A | NONE | β | 0 |
| CVE-2023-42114 Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authenticat... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-42116 Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authenticat... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-42117 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentica... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69408 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issu... | 8.1 | HIGH | β | 0 |
| CVE-2023-42119 Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentica... | N/A | NONE | β | 0 |
| CVE-2023-44441 GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inter... | N/A | NONE | β | 0 |
| CVE-2023-44442 GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inter... | N/A | NONE | β | 0 |
| CVE-2023-44444 GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is requir... | N/A | NONE | β | 0 |
| CVE-2009-0192 Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted ... | N/A | NONE | β | 0 |
| CVE-2023-50229 BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations... | 8.0 | HIGH | β | 0 |
| CVE-2023-50230 BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations... | 8.0 | HIGH | β | 0 |
| CVE-2023-51612 Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Po... | N/A | NONE | β | 0 |
| CVE-2024-30851 Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-34500 An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-34502 An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-i... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-34506 An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens ... | 7.5 | HIGH | β | 0 |
| CVE-2024-34507 An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b char... | 7.4 | HIGH | β | 0 |
| CVE-2024-34508 dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | 4.3 | MEDIUM | β | 0 |
| CVE-2024-34509 dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | 5.3 | MEDIUM | β | 0 |
| CVE-2024-32663 Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata u... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.