Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-34750 Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP head... | 7.5 | HIGH | — | 0 |
| CVE-2024-6383 The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbo... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-39937 supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files. | 8.6 | HIGH | — | 0 |
| CVE-2023-52340 The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when ... | 7.5 | HIGH | — | 0 |
| CVE-2024-32484 An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an... | 7.4 | HIGH | — | 0 |
| CVE-2024-32498 An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 i... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-34481 drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-36041 KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This all... | 7.8 | HIGH | — | 0 |
| CVE-2024-39472 In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog siz... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39474 In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL commit a421ef303008 ("mm: allow !GFP_KERNEL allocations ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39484 In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callba... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-3651 A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings,... | 7.5 | HIGH | — | 0 |
| CVE-2023-34435 A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker... | 7.2 | HIGH | — | 0 |
| CVE-2023-41251 A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code executi... | 7.2 | HIGH | — | 0 |
| CVE-2023-45215 A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary ... | 7.2 | HIGH | — | 0 |
| CVE-2023-45742 An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code ex... | 7.2 | HIGH | — | 0 |
| CVE-2023-46685 A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-47677 A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attack... | 8.8 | HIGH | — | 0 |
| CVE-2023-47856 A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remot... | 7.2 | HIGH | — | 0 |
| CVE-2023-48270 A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code e... | 7.2 | HIGH | — | 0 |
| CVE-2023-49073 A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code exe... | 7.2 | HIGH | — | 0 |
| CVE-2023-49593 Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution. | 7.2 | HIGH | — | 0 |
| CVE-2023-49595 A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbi... | 7.2 | HIGH | — | 0 |
| CVE-2023-49867 A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution... | 7.2 | HIGH | — | 0 |
| CVE-2025-68026 Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-50239 Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to... | 7.2 | HIGH | — | 0 |
| CVE-2023-50240 Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to... | 7.2 | HIGH | — | 0 |
| CVE-2023-50243 Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code exec... | 7.2 | HIGH | — | 0 |
| CVE-2023-50244 Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code exec... | 7.2 | HIGH | — | 0 |
| CVE-2023-50330 A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution... | 7.2 | HIGH | — | 0 |
| CVE-2023-50381 Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execu... | 7.2 | HIGH | — | 0 |
| CVE-2023-50382 Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execu... | 7.2 | HIGH | — | 0 |
| CVE-2023-50383 Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execu... | 7.2 | HIGH | — | 0 |
| CVE-2024-21778 A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrar... | 7.2 | HIGH | — | 0 |
| CVE-2024-37180 Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be ... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-39594 SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After succes... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-39595 SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerabil... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-39599 Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This lea... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-39487 In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->strin... | 7.1 | HIGH | — | 0 |
| CVE-2025-31164 heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. | 6.6 | MEDIUM | — | 0 |
| CVE-2024-3596 RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-6602 A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-6609 When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. | 8.8 | HIGH | — | 0 |
| CVE-2024-41088 In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfd_start_xmit() function fails, the driver stops processing mess... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-38875 An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of bra... | 7.5 | HIGH | — | 0 |
| CVE-2024-39329 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing at... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-39330 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicatin... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22412 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Eona eona allows PHP Local File Inclusion.This issue affects Eona... | 8.1 | HIGH | — | 0 |
| CVE-2024-39614 An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containi... | 7.5 | HIGH | — | 0 |
| CVE-2025-0832 A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an atta... | 8.7 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.