CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-56655 2024-12-27 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu…
CVE-2024-53203 2024-12-27 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via…
CVE-2024-46751 2024-09-18 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by…
CVE-2022-21546 2025-05-02 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a…
CVE-2022-49063 2025-02-26 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG:…
CVE-2024-43863 2024-08-21 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on…
CVE-2024-38541 2024-06-19 CRITICAL 9.8 In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small…
CVE-2024-35790 2024-05-17 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may…
CVE-2024-26739 2024-04-03 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't…
CVE-2021-47037 2024-02-28 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver Q6afe-clocks driver can get reprobed. For example if the APR services…
CVE-2025-37782 2025-05-01 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-6538 2024-11-25 MEDIUM 5.3 A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the…
CVE-2025-37832 2025-05-08 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-4948 2025-05-19 HIGH 7.5 A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue…
CVE-2025-32914 2025-04-14 HIGH 7.4 A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server…
CVE-2025-32049 2025-04-03 HIGH 7.5 A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service…
CVE-2025-2784 2025-04-03 HIGH 7.0 A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte…
CVE-2025-49210 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49209 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49208 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49207 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49206 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49205 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49204 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49203 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-49202 2025-06-04 N/A 0.0 Rejected reason: Not used
CVE-2025-24859 2025-04-14 HIGH 8.8 A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed,…
CVE-2024-34750 2024-07-03 HIGH 7.5 Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly.…
CVE-2024-27181 2024-08-02 HIGH 8.8 In Apache Linkis
CVE-2024-38479 2024-11-14 HIGH 7.5 Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to…
CVE-2024-45034 2024-09-07 HIGH 8.8 Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the…
CVE-2024-45498 2024-09-07 HIGH 8.8 Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you…
CVE-2024-45784 2024-11-15 HIGH 7.5 Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive…
CVE-2024-45033 2025-01-08 HIGH 8.1 Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the…
CVE-2025-27018 2025-03-19 MEDIUM 6.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions…
CVE-2024-31309 2024-04-10 HIGH 7.5 HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set…
CVE-2021-32030 2021-05-06 CRITICAL 9.8 The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized…
CVE-2024-23222 2024-01-23 HIGH 8.8 A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web…
CVE-2025-35939 2025-05-07 MEDIUM 5.3 Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests…
CVE-2023-39780 2023-09-11 HIGH 8.8 On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the…
CVE-2025-31200 2025-04-16 HIGH 7.5 A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1.…
CVE-2024-56145 2024-12-18 CRITICAL 9.8 Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini…
CVE-2025-3935 2025-04-25 HIGH 8.1 ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data…
CVE-2024-23550 2024-02-03 MEDIUM 6.2 HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
CVE-2024-23553 2024-02-02 LOW 3.0 A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.
CVE-2024-23741 2024-01-28 CRITICAL 9.8 An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
CVE-2024-22022 2024-02-07 HIGH 8.8 Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam…
CVE-2024-22241 2024-02-06 MEDIUM 4.3 Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user…
CVE-2024-22238 2024-02-06 MEDIUM 6.4 Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to…
CVE-2024-21888 2024-01-31 HIGH 8.8 A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of…