Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-35344 Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D... | 9.9 | CRITICAL | β | 0 |
| CVE-2018-14839 LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | 9.8 | CRITICAL | KEV | 0 |
| CVE-2024-3745 MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low p... | 7.8 | HIGH | β | 0 |
| CVE-2024-34083 aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if ... | 5.4 | MEDIUM | β | 0 |
| CVE-2024-36043 question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property. | 6.1 | MEDIUM | β | 0 |
| CVE-2024-5095 A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-5096 A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipul... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-36053 In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A u... | 9.0 | CRITICAL | β | 0 |
| CVE-2024-36080 Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at ... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-36081 Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35972 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-35978 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hci_req_sync_complete() In 'hci_req_sync_complete()', always free the previous sync request state be... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-35982 In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-35984 In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Tar... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-35990 In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate ... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-3943 Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, i... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-35992 In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr' every... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-36008 In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-27312 Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 66... | 8.1 | HIGH | β | 0 |
| CVE-2024-2835 A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. | 8.7 | HIGH | β | 0 |
| CVE-2024-34953 An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file | 7.5 | HIGH | β | 0 |
| CVE-2024-3482 A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. | 8.7 | HIGH | β | 0 |
| CVE-2024-0401 ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a cr... | 7.2 | HIGH | β | 0 |
| CVE-2024-24294 A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-35192 Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials fo... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-35194 Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created ... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-35195 Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests t... | 5.6 | MEDIUM | β | 0 |
| CVE-2024-34710 Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute... | 7.1 | HIGH | β | 0 |
| CVE-2024-27130 A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a n... | 7.2 | HIGH | β | 0 |
| CVE-2026-6782 Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 7.5 | HIGH | β | 0 |
| CVE-2025-59584 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: fro... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-3938 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device dat... | 4.6 | MEDIUM | β | 0 |
| CVE-2023-3939 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command impleme... | 10.0 | CRITICAL | β | 0 |
| CVE-2024-4988 The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. | 7.5 | HIGH | β | 0 |
| CVE-2023-3940 Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR0... | 7.5 | HIGH | β | 0 |
| CVE-2023-3941 Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProF... | 10.0 | CRITICAL | β | 0 |
| CVE-2023-3942 An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, ... | 7.5 | HIGH | β | 0 |
| CVE-2024-35361 MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-52753 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator [Why & How] Check whether assigned timing generator is NULL or not bef... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52769 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix htt mlo-offset event locking The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling ... | 7.8 | HIGH | β | 0 |
| CVE-2023-52772 In the Linux kernel, the following vulnerability has been resolved: af_unix: fix use-after-free in unix_stream_read_actor() syzbot reported the following crash [1] After releasing unix socket lock,... | 7.8 | HIGH | β | 0 |
| CVE-2023-52773 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly chec... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-47546 In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a `fib` rule is present in IPv6 nftables firewall rules a... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52783 In the Linux kernel, the following vulnerability has been resolved: net: wangxun: fix kernel panic due to null pointer When the device uses a custom subsystem vendor ID, the function wx_sw_init() re... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52806 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK t... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52809 In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52815 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vkms: fix a possible null pointer dereference In amdgpu_vkms_conn_get_modes(), the return value of drm_cvt_mode() is as... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-36056 Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLo... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-52821 In the Linux kernel, the following vulnerability has been resolved: drm/panel: fix a possible null pointer dereference In versatile_panel_get_modes(), the return value of drm_mode_duplicate() is ass... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52827 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an une... | 7.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.