Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-30268 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launc... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-52930 In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit_17 double-free A userspace with multiple threads racing I915_GEM_SET_TILING to set the tiling to I915_... | 7.8 | HIGH | β | 0 |
| CVE-2023-52932 In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: add cond_resched() in get_swap_pages() The softlockup still occurs in get_swap_pages() under memory pressure. 64 CPU... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52936 In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() call... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52937 In the Linux kernel, the following vulnerability has been resolved: HV: hv_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-52939 In the Linux kernel, the following vulnerability has been resolved: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() As commit 18365225f044 ("hwpoison, memcg: forcibly unchar... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52976 In the Linux kernel, the following vulnerability has been resolved: efi: fix potential NULL deref in efi_mem_reserve_persistent When iterating on a linked list, a result of memremap is dereferenced ... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52977 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix flow memory leak in ovs_flow_cmd_new Syzkaller reports a memory leak of new_flow in ovs_flow_cmd_new() as it... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52978 In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position The kernel would panic when probed for an illegal position. eg:... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52979 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2023-52984 In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe() function is only used for the DP83822 PHY, leavi... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52988 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error c... | 7.8 | HIGH | β | 0 |
| CVE-2023-52989 In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52991 In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer in skb_segment_list Commit 3a1296a38d0c ("net: Support GRO/GSO fraglist chaining.") introduced UDP listifyed... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52993 In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fa... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52994 In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV Commit f1e525009493 ("x86/boot: Skip realmode init code when running as Xen PV guest") missed one co... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-2858 Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate ... | 8.8 | HIGH | β | 0 |
| CVE-2023-53002 In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix a memory leak with reused mmap_offset drm_vma_node_allow() and drm_vma_node_revoke() should be called in balanced pa... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53005 In the Linux kernel, the following vulnerability has been resolved: trace_events_hist: add check for return value of 'create_hist_field' Function 'create_hist_field' is called recursively at trace_e... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53008 In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might e... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53011 In the Linux kernel, the following vulnerability has been resolved: net: stmmac: enable all safety features by default In the original implementation of dwmac5 commit 8bf993a5877e ("net: stmmac: Add... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53013 In the Linux kernel, the following vulnerability has been resolved: ptdma: pt_core_execute_cmd() should use spinlock The interrupt handler (pt_core_irq_handler()) of the ptdma driver can be called f... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53014 In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra: Fix memory leak in terminate_all() Terminate vdesc when terminating an ongoing transfer. This will ensure that t... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53015 In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to b... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53016 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53017 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() When hci_cmd_sync_queue() failed in hci_update_adv_data(), inst_ptr ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-30270 A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the conten... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-53018 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leaks When hci_cmd_sync_queue() failed in hci_le_terminate_big() or hci_le_big_terminate(), the me... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53020 In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modif... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-53022 In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() This lockdep splat says it better than I could: =========================... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53026 In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it,... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53028 In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-2859 An attacker with networkΒ access,Β could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileg... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-2885 Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the... | 4.5 | MEDIUM | β | 0 |
| CVE-2025-2886 Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a ... | 4.5 | MEDIUM | β | 0 |
| CVE-2025-2887 During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users sho... | 4.5 | MEDIUM | β | 0 |
| CVE-2025-2888 During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, ... | 4.5 | MEDIUM | β | 0 |
| CVE-2025-30232 A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | 8.1 | HIGH | β | 0 |
| CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-2869 Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-43046 There may be information disclosure during memory re-allocation in TZ Secure OS. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-2860 SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerabilit... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-2861 SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data s... | 7.5 | HIGH | β | 0 |
| CVE-2025-2862 SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods us... | 7.5 | HIGH | β | 0 |
| CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator session... | 7.8 | HIGH | β | 0 |
| CVE-2025-2864 SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-2865 SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a mal... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-2713 Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. ... | 7.8 | HIGH | β | 0 |
| CVE-2024-43065 Cryptographic issues while generating an asymmetric key pair for RKP use cases. | 7.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.