CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2024-12970
Low

W podatności CVE-2024-12970 występuje niewłaściwa neutralizacja specjalnych elementów używanych w poleceniach systemu operacyjnego, co pozwala na wstrzyknięcie poleceń systemowych w aplikacji My Computer w systemie Pardus OS. Problem dotyczy wersji przed 0.7.2.

CVE-2024-8443
Low

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to APDUs during card enrollment using pkcs15-init may lead to out-of-bounds access, potentially allowing arbitrary code execution.

CVE-2024-45620
Low

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs, leading to incorrect access to initialized parts of the buffer when buffers are partially filled with data.

CVE-2024-45618
Low

A vulnerability was found in pkcs15-init in OpenSC due to insufficient or missing checking of return values of functions. An attacker could use a crafted USB device or smart card presenting specially crafted APDU responses, leading to the use of uninitialized variables.

CVE-2024-45617
Low

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK due to insufficient checking of function return values. An attacker could use a crafted USB device or smart card to present specially crafted APDU responses, leading to work with uninitialized variables.

CVE-2024-45616
Low

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK due to insufficient control of the response APDU buffer and its length during card communication. An attacker could use a crafted USB device or smart card to present specially crafted APDU responses.

CVE-2024-45615
Low

In OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK, there is a missing initialization of variables that are expected to be initialized before being used as arguments to other functions. This can lead to unpredictable behavior or potential security issues.

CVE-2023-48706
Low

Vim prior to version 9.0.2121 has a heap-use-after-free vulnerability that can occur when executing the `:s` command for the first time using a sub-replace-special atom. This may lead to unsafe memory access and potential crashes of the Vim editor.

CVE-2023-48237
LowEPSS 50%

Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer.

CVE-2023-48236
Low

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT, which may lead to a crash, although this does not happen in all situations.

CVE-2023-48235
LowEPSS 50%

Vim is an open source command line text editor that may cause an overflow when parsing relative ex addresses. The issue occurs in the existing overflow check when the line number becomes negative. The impact is low, user interaction is required.

CVE-2023-48234
LowEPSS 50%

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given, which may lead to a crash, although this does not happen in all situations.

CVE-2023-48233
LowEPSS 50%

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. This issue has been addressed in release version 9.0.2108.

CVE-2023-48232
Low

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled with the cpo-settings including the 'n' flag. This issue leads to application crashes.

CVE-2023-48231
Low

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure.

CVE-2023-42456
Low

In versions of sudo-rs prior to 0.2.1, an issue was discovered where usernames containing '.' and '/' characters could lead to corruption of specific files on the filesystem. A user with such a name could delete a binary file, resulting in its removal from the system.

CVE-2023-4743
Low

A vulnerability was found in Dreamer CMS up to version 4.1.3 that allows remote access to files or directories through manipulation of the file /upload/ueditorConfig?action=config. It is classified as problematic with a high complexity of attack.

CVE-2023-4709
Low

A vulnerability has been found in TOTVS RM 12.1 that allows cross site scripting attacks through manipulation of the VIEWSTATE argument in the Login.aspx file. The attack can be executed remotely, but its complexity is high.

CVE-2023-41051
Low

An issue was discovered in the default implementations of the `VolatileMemory` trait functions in a typical Virtual Machine Monitor (VMM), which may lead to out-of-bounds memory access. This affects users of custom `VolatileMemory` implementations that do not adhere to the `get_slice` documentation.

CVE-2023-4707
Low

A vulnerability was found in Infosoftbd Clcknshop 1.0.0, leading to cross site scripting (XSS) attacks through manipulation of the argument q in the file /collection/all. The attack can be initiated remotely.

PreviousPage 22 of 60Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS