Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-52531 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + si... | 7.8 | HIGH | β | 0 |
| CVE-2023-52560 In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52563 In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on ->hpd_notify callback The EDID returned by drm_bridge_get_edid() needs to be freed. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52565 In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read. | 7.1 | HIGH | β | 0 |
| CVE-2023-52567 In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows tha... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52568 In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an enc... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-52570 In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() Inject fault while probing mdpy.ko, if kstrdup() of create_dir() ... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52573 In the Linux kernel, the following vulnerability has been resolved: net: rds: Fix possible NULL-pointer dereference In rds_rdma_cm_event_handler_cmn() check, if conn pointer exists before dereferenc... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52574 In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NU... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52578 In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from multi... | 7.0 | HIGH | β | 0 |
| CVE-2023-47745 IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear te... | 6.2 | MEDIUM | β | 0 |
| CVE-2024-27255 IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms tha... | 5.9 | MEDIUM | β | 0 |
| CVE-2023-43054 IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende... | 6.4 | MEDIUM | β | 0 |
| CVE-2023-47742 IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not corre... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-11983 Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific S... | 7.2 | HIGH | β | 0 |
| CVE-2024-22355 IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easi... | 5.9 | MEDIUM | β | 0 |
| CVE-2024-2146 A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products... | 3.5 | LOW | β | 0 |
| CVE-2023-27291 IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive informati... | 4.5 | MEDIUM | β | 0 |
| CVE-2024-2151 A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Hand... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-2152 A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/... | 4.7 | MEDIUM | β | 0 |
| CVE-2024-2153 A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulati... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-2154 A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation o... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-2156 A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the arg... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-25176 in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2.9 | LOW | β | 0 |
| CVE-2023-46708 in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. | 4.3 | MEDIUM | β | 0 |
| CVE-2023-49602 in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. | 2.9 | LOW | β | 0 |
| CVE-2024-9044 A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. | N/A | NONE | β | 0 |
| CVE-2024-20837 Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user inte... | 5.3 | MEDIUM | β | 0 |
| CVE-2024-20838 Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. | 6.8 | MEDIUM | β | 0 |
| CVE-2024-20839 Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock sc... | 4.6 | MEDIUM | β | 0 |
| CVE-2024-2179 Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue adminis... | 2.2 | LOW | β | 0 |
| CVE-2024-47094 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local ... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52593 In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Since 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52594 In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_h... | 7.8 | HIGH | β | 0 |
| CVE-2023-52595 In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues ... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52599 In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -87... | 7.8 | HIGH | β | 0 |
| CVE-2024-28174 In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly | 5.8 | MEDIUM | β | 0 |
| CVE-2023-52600 In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the object ipimap that has been released may be acces... | 7.8 | HIGH | β | 0 |
| CVE-2023-52603 In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to ... | 7.8 | HIGH | β | 0 |
| CVE-2023-52604 In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in f... | 7.8 | HIGH | β | 0 |
| CVE-2024-26626 In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: [ 86.305548] BUG: kernel NULL pointer dereference, addr... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-28173 In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed | 4.3 | MEDIUM | β | 0 |
| CVE-2024-24761 Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators an... | 7.5 | HIGH | β | 0 |
| CVE-2024-2174 Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2024-2176 Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2024-0199 An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utili... | 7.7 | HIGH | β | 0 |
| CVE-2024-0670 Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | 8.8 | HIGH | β | 0 |
| CVE-2024-1299 A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_toke... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-1931 NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 i... | 7.5 | HIGH | β | 0 |
| CVE-2024-28228 In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.