Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2023-43017 IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | 8.2 | HIGH | — | 0 |
| CVE-2024-25446 An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 7.8 | HIGH | — | 0 |
| CVE-2023-6356 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6535 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-6536 A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-25189 libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-0229 An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an... | 7.8 | HIGH | — | 0 |
| CVE-2024-22119 The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-25442 An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 7.8 | HIGH | — | 0 |
| CVE-2024-25443 An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 7.8 | HIGH | — | 0 |
| CVE-2024-25445 Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | 7.8 | HIGH | — | 0 |
| CVE-2024-21490 This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large c... | 7.5 | HIGH | — | 0 |
| CVE-2023-52429 dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-25741 printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspeci... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41703 User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a users session when working with a malicious document. Please deploy the provided up... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-41704 Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a users sessions when interacting w... | 7.1 | HIGH | — | 0 |
| CVE-2024-40840 This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data. | 4.6 | MEDIUM | — | 0 |
| CVE-2023-41705 Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Proc... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-41706 Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high proc... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-41707 Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Pro... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-41708 References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Plea... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-1459 A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which m... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-25228 Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. | 8.8 | HIGH | — | 0 |
| CVE-2024-1454 The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. A... | 3.4 | LOW | — | 0 |
| CVE-2024-22024 An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain res... | 8.3 | HIGH | — | 0 |
| CVE-2025-67998 Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a ... | 8.8 | HIGH | — | 0 |
| CVE-2023-50387 Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka... | 7.5 | HIGH | — | 0 |
| CVE-2024-20919 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-20921 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-20923 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM En... | 3.1 | LOW | — | 0 |
| CVE-2024-20925 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM En... | 3.1 | LOW | — | 0 |
| CVE-2024-20945 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-20960 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-20962 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-20964 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to explo... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-20966 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-20968 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-20970 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-20972 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-20974 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-1597 pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a nume... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-20976 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-20978 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-20982 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabil... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-20984 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to explo... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-25710 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade t... | 8.1 | HIGH | — | 0 |
| CVE-2024-22019 A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads ... | 7.5 | HIGH | — | 0 |
| CVE-2024-24793 A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is u... | 8.1 | HIGH | — | 0 |
| CVE-2024-24794 A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is u... | 8.1 | HIGH | — | 0 |
| CVE-2023-38562 A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, pote... | 8.7 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.