CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-52599 In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -87... | 7.8 | HIGH | — | 0 |
| CVE-2024-28174 In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly | 5.8 | MEDIUM | — | 0 |
| CVE-2023-52600 In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the object ipimap that has been released may be acces... | 7.8 | HIGH | — | 0 |
| CVE-2023-52603 In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to ... | 7.8 | HIGH | — | 0 |
| CVE-2023-52604 In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in f... | 7.8 | HIGH | — | 0 |
| CVE-2024-26626 In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: [ 86.305548] BUG: kernel NULL pointer dereference, addr... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-28173 In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed | 4.3 | MEDIUM | — | 0 |
| CVE-2024-24761 Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators an... | 7.5 | HIGH | — | 0 |
| CVE-2024-2174 Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2024-2176 Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2024-0199 An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utili... | 7.7 | HIGH | — | 0 |
| CVE-2024-0670 Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | 8.8 | HIGH | — | 0 |
| CVE-2024-1299 A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_toke... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-1931 NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 i... | 7.5 | HIGH | — | 0 |
| CVE-2024-28228 In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | 5.3 | MEDIUM | — | 0 |
| CVE-2024-28229 In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | 6.5 | MEDIUM | — | 0 |
| CVE-2024-28230 In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | 6.5 | MEDIUM | — | 0 |
| CVE-2024-26167 Microsoft Edge for Android Spoofing Vulnerability | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2353 A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the compo... | 8.8 | HIGH | — | 0 |
| CVE-2024-0045 In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional exec... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-0046 In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no ... | 7.8 | HIGH | — | 0 |
| CVE-2024-0048 In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privile... | 7.8 | HIGH | — | 0 |
| CVE-2024-0049 In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User int... | 7.8 | HIGH | — | 0 |
| CVE-2024-21400 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 9.0 | CRITICAL | — | 0 |
| CVE-2024-0050 In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution ... | 7.8 | HIGH | — | 0 |
| CVE-2024-0051 In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges neede... | 7.8 | HIGH | — | 0 |
| CVE-2024-23717 In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation... | 8.8 | HIGH | — | 0 |
| CVE-2023-52487 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix peer flow lists handling The cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUP flag when list ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52491 In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeou... | 7.8 | HIGH | — | 0 |
| CVE-2023-52493 In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by d... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52498 In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26610 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_f... | 7.8 | HIGH | — | 0 |
| CVE-2024-26611 In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpf_xdp_adjust_tail() and memory type is... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26615 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduc... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-26616 In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on a ext4-converted btrf... | 7.8 | HIGH | — | 0 |
| CVE-2024-26617 In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race co... | 7.0 | HIGH | — | 0 |
| CVE-2024-26619 In the Linux kernel, the following vulnerability has been resolved: riscv: Fix module loading free order Reverse order of kfree calls to resolve use-after-free error. | 7.8 | HIGH | — | 0 |
| CVE-2024-20671 Microsoft Defender Security Feature Bypass Vulnerability | 5.5 | MEDIUM | — | 0 |
| CVE-2024-21334 Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2024-21392 .NET and Visual Studio Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-21427 Windows Kerberos Security Feature Bypass Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-21429 Windows USB Hub Driver Remote Code Execution Vulnerability | 6.8 | MEDIUM | — | 0 |
| CVE-2024-21430 Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | 5.7 | MEDIUM | — | 0 |
| CVE-2024-21431 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-21432 Windows Update Stack Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2024-21433 Windows Print Spooler Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2024-21434 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2024-21438 Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2024-21440 Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2024-21441 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.