CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-23736 Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | 8.8 | HIGH | — | 0 |
| CVE-2024-39309 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is c... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39310 The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `post_title` parameter in versions up to, and including, 2.0.4 due to insufficient input sanitizatio... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-39314 toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The pr... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-3999 The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-4627 The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1427 The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-5767 The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS ... | 8.8 | HIGH | — | 0 |
| CVE-2024-0158 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading ... | 5.1 | MEDIUM | — | 0 |
| CVE-2023-41917 Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, en... | 10.0 | CRITICAL | — | 0 |
| CVE-2023-41918 A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data ma... | 10.0 | CRITICAL | — | 0 |
| CVE-2023-41919 Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41922 A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur.... | 7.2 | HIGH | — | 0 |
| CVE-2023-41923 The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords. | 7.2 | HIGH | — | 0 |
| CVE-2023-41926 The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possi... | 8.8 | HIGH | — | 0 |
| CVE-2023-41927 The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-41928 The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-37077 in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | 8.2 | HIGH | — | 0 |
| CVE-2024-31071 in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. | 3.3 | LOW | — | 0 |
| CVE-2024-36243 in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. | 8.2 | HIGH | — | 0 |
| CVE-2024-36260 in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | 8.2 | HIGH | — | 0 |
| CVE-2024-36278 in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. | 3.3 | LOW | — | 0 |
| CVE-2024-37030 in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free. | 8.2 | HIGH | — | 0 |
| CVE-1999-0650 The netstat service is running, which provides sensitive information to remote attackers. | N/A | NONE | — | 0 |
| CVE-2024-37185 in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | 8.2 | HIGH | — | 0 |
| CVE-2024-4836 Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue ... | 7.5 | HIGH | — | 0 |
| CVE-2024-20888 Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. | 7.8 | HIGH | — | 0 |
| CVE-2024-20889 Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-20890 Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-20891 Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | 7.8 | HIGH | — | 0 |
| CVE-2024-20892 Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerabil... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-20893 Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-20894 Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required fo... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-20895 Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features. | 7.7 | HIGH | — | 0 |
| CVE-2024-20897 Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | 4.0 | MEDIUM | — | 0 |
| CVE-2024-20898 Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | 4.0 | MEDIUM | — | 0 |
| CVE-2024-20899 Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. | 4.0 | MEDIUM | — | 0 |
| CVE-2024-20900 Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication. | 4.0 | MEDIUM | — | 0 |
| CVE-2024-20901 Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-34583 Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier. | 4.0 | MEDIUM | — | 0 |
| CVE-2024-34585 Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | 7.8 | HIGH | — | 0 |
| CVE-2024-34586 Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy. | 5.9 | MEDIUM | — | 0 |
| CVE-2024-34587 Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User... | 7.5 | HIGH | — | 0 |
| CVE-2024-34588 Improper input validation in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for trigge... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34589 Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for trigge... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34590 Improper input validation in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34591 Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34592 Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for trig... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-34593 Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction... | 7.5 | HIGH | — | 0 |
| CVE-2024-34594 Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address. | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.