CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2024-34073 sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.versio... | 7.8 | HIGH | — | 0 |
| CVE-2024-4461 Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted ser... | 7.8 | HIGH | — | 0 |
| CVE-2024-4466 SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33786 An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-33787 Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx. | 8.2 | HIGH | — | 0 |
| CVE-2022-48671 In the Linux kernel, the following vulnerability has been resolved: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) war... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48672 In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") f... | 7.8 | HIGH | — | 0 |
| CVE-2022-48673 In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible access to freed memory in link clear After modifying the QP to the Error state, all RX WR would be completed... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48675 In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmput_async(). From the b... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48686 In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we don... | 7.8 | HIGH | — | 0 |
| CVE-2024-34524 In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-48687 In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign I... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48688 In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during module removal The driver incorrectly frees client instance and subsequent i40e module removal leads... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48689 In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page... | 7.0 | HIGH | — | 0 |
| CVE-2022-48691 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48692 In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd->result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is r... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48693 In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we nee... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48694 In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error ta... | 7.8 | HIGH | — | 0 |
| CVE-2024-29417 Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. | 8.4 | HIGH | — | 0 |
| CVE-2024-34446 Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affect... | 7.5 | HIGH | — | 0 |
| CVE-2024-3479 An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data. | 2.8 | LOW | — | 0 |
| CVE-2024-3480 An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data. | 2.8 | LOW | — | 0 |
| CVE-2024-33398 There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and ... | 7.5 | HIGH | — | 0 |
| CVE-2024-28519 A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users. | 7.8 | HIGH | — | 0 |
| CVE-2024-34075 kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-34453 TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). | 4.3 | MEDIUM | — | 0 |
| CVE-2024-34455 Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2. | 7.5 | HIGH | — | 0 |
| CVE-2025-3935 ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using ... | 8.1 | HIGH | KEV | 0 |
| CVE-2023-52729 TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited via crafted TCP packets. | 7.5 | HIGH | — | 0 |
| CVE-2024-34490 In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with ... | 5.1 | MEDIUM | — | 0 |
| CVE-2024-34474 Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM. | 7.8 | HIGH | — | 0 |
| CVE-2024-34515 image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). | 8.8 | HIGH | — | 0 |
| CVE-2024-34519 Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Acc... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-1050 The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() func... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-34527 spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. | 7.5 | HIGH | — | 0 |
| CVE-2024-34528 WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. | 7.7 | HIGH | — | 0 |
| CVE-2024-4511 A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation le... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-34538 Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. | 7.5 | HIGH | — | 0 |
| CVE-2024-23188 Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to t... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-49675 An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. | 7.8 | HIGH | — | 0 |
| CVE-2024-33753 Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. | 8.2 | HIGH | — | 0 |
| CVE-2024-3576 The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before p... | 8.3 | HIGH | — | 0 |
| CVE-2024-32972 go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially ... | 7.5 | HIGH | — | 0 |
| CVE-2024-32982 Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file ... | 8.2 | HIGH | — | 0 |
| CVE-2024-33294 An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-34078 html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode chara... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-32807 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System C... | 8.5 | HIGH | — | 0 |
| CVE-2024-34382 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. | 5.3 | MEDIUM | — | 0 |
| CVE-2013-5456 The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to dese... | N/A | NONE | — | 0 |
| CVE-2013-5457 Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.