CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-47464 In the Linux kernel, the following vulnerability has been resolved: audit: fix possible null-pointer dereference in audit_filter_rules Fix possible null-pointer dereference in audit_filter_rules. ... | 7.4 | HIGH | — | 0 |
| CVE-2021-47467 In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end The reference counting issue happens in the normal path of kfree_at_end(). When ku... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-47471 In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference crash on unload The mxsfb->crtc.funcs may already be NULL when unloading the driver, in w... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-35561 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-34448 Ghost before 5.82.0 allows CSV Injection during a member CSV export. | 8.8 | HIGH | — | 0 |
| CVE-2021-47476 In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanity checks o... | 4.6 | MEDIUM | — | 0 |
| CVE-2021-47478 In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data b... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-47482 In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handli... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-47484 In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix possible null pointer dereference. This patch fixes possible null pointer dereference in files "rvu_debugfs.c" a... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-4886 The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request | 4.3 | MEDIUM | — | 0 |
| CVE-2021-47486 In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JI... | 7.5 | HIGH | — | 0 |
| CVE-2024-35550 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-35551 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-35552 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN. | 8.8 | HIGH | — | 0 |
| CVE-2024-35553 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close. | 8.3 | HIGH | — | 0 |
| CVE-2024-35554 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-35555 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataI... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-35556 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet. | 8.8 | HIGH | — | 0 |
| CVE-2024-35557 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-5157 Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
| CVE-2024-20360 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected ... | 8.8 | HIGH | — | 0 |
| CVE-2024-36013 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also ma... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-35082 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. | 6.3 | MEDIUM | — | 0 |
| CVE-2024-35083 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. | 8.8 | HIGH | — | 0 |
| CVE-2024-35084 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35085 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-35086 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35090 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. | 8.2 | HIGH | — | 0 |
| CVE-2024-35091 J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35375 There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35339 Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-5314 Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and ret... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-5315 Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and ret... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-47503 In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a cras... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-47534 In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") in... | 4.1 | MEDIUM | — | 0 |
| CVE-2021-47535 In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we ... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-35340 Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. | 8.6 | HIGH | — | 0 |
| CVE-2021-47547 In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-47548 In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-47551 In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may fail to bring ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-47563 In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op a... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-36569 Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. | 8.1 | HIGH | — | 0 |
| CVE-2024-35395 TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | 8.8 | HIGH | — | 0 |
| CVE-2024-35396 TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-35387 TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-36800 A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php. | 7.5 | HIGH | — | 0 |
| CVE-2024-5220 The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-26289 Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29078 Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the pr... | 7.5 | HIGH | — | 0 |
| CVE-2024-35397 TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to e... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.