Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-23814 1 Amd 2 Milanpi-sp3, Milanpi-sp3 Firmware 2025-04-09 5.3 Medium
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment.
CVE-2021-46767 1 Amd 4 Milanpi, Milanpi Firmware, Romepi and 1 more 2025-04-09 6.1 Medium
Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.
CVE-2022-43573 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2025-04-09 3.1 Low
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.
CVE-2022-3870 1 Gitlab 1 Gitlab 2025-04-09 5.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.
CVE-2022-3143 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus, Jboss Enterprise Bpms Platform and 1 more 2025-04-09 7.4 High
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
CVE-2022-0553 1 Zephyrproject 1 Zephyr 2025-04-09 6.5 Medium
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.
CVE-2022-4457 1 Cloudflare 1 Warp 2025-04-09 5.5 Medium
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.
CVE-2022-4428 1 Cloudflare 1 Warp 2025-04-09 8.9 High
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).
CVE-2023-0023 1 Sap 1 Bank Account Management 2025-04-09 4.5 Medium
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application.
CVE-2007-5444 1 Cmsmadesimple 1 Cms Made Simple 2025-04-09 N/A
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
CVE-2008-4641 1 Sentex 1 Jhead 2025-04-09 N/A
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
CVE-2008-6063 1 Microsoft 1 Word 2025-04-09 N/A
Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
CVE-2008-3007 1 Microsoft 2 Office, Office Onenote 2025-04-09 N/A
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
CVE-2008-3199 1 Resiprocate 1 Resiprocate 2025-04-09 N/A
Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow remote attackers to cause a denial of service (stack consumption) via unknown network traffic with a large "bytes-in-memory/bytes-on-wire ratio."
CVE-2007-6101 1 Code-crafters 1 Ability Mail Server 2025-04-09 N/A
Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages.
CVE-2009-3830 1 Microsoft 1 Sharepoint Server 2025-04-09 N/A
The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
CVE-2009-1125 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 N/A
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
CVE-2008-1294 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
CVE-2008-4041 1 Softalk Mail Server 1 Softalk Mail Server 2025-04-09 N/A
The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND command with certain repeated parameters.
CVE-2007-3711 1 3com 1 Tippingpoint Ips Tos 2025-04-09 N/A
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.