Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-37965 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper [Why] "BUG: sleeping function called from invalid context" error. after:…
CVE-2025-48018 2025-05-20 HIGH 7.5 An authenticated user can modify application state data.
CVE-2025-48017 2025-05-20 CRITICAL 9.0 Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files
CVE-2025-48016 2025-05-20 MEDIUM 4.3 OpenFlow discovery protocol can exhaust resources because it is not rate limited
CVE-2025-48015 2025-05-20 LOW 3.7 Failed login response could be different depending on whether the username was local or central.
CVE-2025-48014 2025-05-20 HIGH 7.5 Password guessing limits could be bypassed when using LDAP authentication.
CVE-2025-37964 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm…
CVE-2025-37963 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users…
CVE-2025-37962 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced…
CVE-2025-37961 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5…
CVE-2025-37959 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network…
CVE-2025-37958 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry…
CVE-2025-37956 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause…
CVE-2025-37955 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() The selftests added to our CI by Bui Quang Minh recently…
CVE-2025-37954 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race…
CVE-2025-37952 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the file via __ksmbd_close_fd while…
CVE-2025-37951 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we…
CVE-2025-37950 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix panic in failed foilio allocation commit 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") and commit 9a5e08652dc4b ("ocfs2:…
CVE-2025-37948 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the…
CVE-2025-37947 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was…
CVE-2025-37946 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock to…
CVE-2025-37945 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds…
CVE-2025-37944 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from…
CVE-2025-37943 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length…
CVE-2025-37942 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX As noted by Anssi some 20 years ago,…
CVE-2025-37941 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails, wcd937x_soc_codec_probe() returns without…
CVE-2024-52013 2024-11-05 MEDIUM 5.7 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers…
CVE-2024-52014 2024-11-05 MEDIUM 5.7 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers…
CVE-2024-52015 2024-11-05 MEDIUM 5.7 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers…
CVE-2024-52016 2024-11-05 MEDIUM 5.7 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters.…
CVE-2024-52022 2024-11-05 HIGH 8.0 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This…
CVE-2024-51011 2024-11-05 MEDIUM 5.7 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause…
CVE-2025-2240 2025-03-12 HIGH 7.5 A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates…
CVE-2022-3197 2022-09-26 HIGH 8.8 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity:…
CVE-2022-3103 2022-09-26 HIGH 7.8 off-by-one in io_uring module.
CVE-2022-3135 2022-09-26 MEDIUM 4.8 The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2022-3119 2022-09-26 HIGH 7.5 The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them…
CVE-2022-2903 2022-09-26 HIGH 7.2 The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import…
CVE-2022-2861 2022-09-26 MEDIUM 6.5 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into…
CVE-2022-2860 2022-09-26 MEDIUM 6.5 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
CVE-2022-2859 2022-09-26 HIGH 8.8 Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to…
CVE-2022-2858 2022-09-26 HIGH 8.8 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
CVE-2022-2405 2022-09-26 MEDIUM 4.3 The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete…
CVE-2022-2404 2022-09-26 MEDIUM 6.1 The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVE-2022-2352 2022-09-26 HIGH 7.2 The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to…
CVE-2022-1755 2022-09-26 MEDIUM 5.4 The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to…
CVE-2022-1613 2022-09-26 MEDIUM 5.3 The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations…
CVE-2021-24890 2022-09-26 HIGH 8.8 The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does…
CVE-2024-51021 2024-11-05 HIGH 8.0 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to…
CVE-2024-52023 2024-11-05 MEDIUM 5.7 Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause…
« Anterior Página 1186 de 4309 Siguiente »