Total
308 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3637 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | 8.8 HIGH |
| The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | |||||
| CVE-2008-0062 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-09 | 9.3 HIGH | 9.8 CRITICAL |
| KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | |||||
| CVE-2022-46505 | 1 Matrixssl | 1 Matrixssl | 2025-04-04 | N/A | 7.5 HIGH |
| An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. | |||||
| CVE-2001-1471 | 1 Phpbb | 1 Phpbb | 2025-04-03 | 4.6 MEDIUM | 8.8 HIGH |
| prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. | |||||
| CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
| Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | |||||
| CVE-2024-28084 | 2 Fedoraproject, Intel | 2 Fedora, Inet Wireless Daemon | 2025-03-27 | N/A | 7.5 HIGH |
| p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails. | |||||
| CVE-2024-39864 | 1 Apache | 1 Cloudstack | 2025-03-19 | N/A | 9.8 CRITICAL |
| The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue. | |||||
| CVE-2023-40261 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2025-03-13 | N/A | 6.8 MEDIUM |
| Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk. | |||||
| CVE-2023-20591 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2025-03-13 | N/A | 6.5 MEDIUM |
| Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. | |||||
| CVE-2023-27115 | 1 Webassembly | 1 Webassembly | 2025-02-28 | N/A | 5.5 MEDIUM |
| WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | |||||
| CVE-2020-27950 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-02-28 | 7.1 HIGH | 5.5 MEDIUM |
| A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory. | |||||
| CVE-2023-26084 | 1 Arm | 1 Aarch64cryptolib | 2025-02-27 | N/A | 3.7 LOW |
| The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable. | |||||
| CVE-2023-1513 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-02-25 | N/A | 3.3 LOW |
| A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | |||||
| CVE-2022-48352 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 7.5 HIGH |
| Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic. | |||||
| CVE-2022-27493 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2025-02-18 | N/A | 7.8 HIGH |
| Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2023-31926 | 1 Broadcom | 1 Brocade Fabric Operating System | 2025-02-13 | N/A | 7.1 HIGH |
| System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
| CVE-2024-31157 | 2025-02-12 | N/A | 5.3 MEDIUM | ||
| Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2024-26021 | 2025-02-12 | N/A | 2.3 LOW | ||
| Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-32579 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2025-02-10 | N/A | 7.2 HIGH |
| Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2023-25010 | 1 Autodesk | 1 Maya Usd | 2025-02-06 | N/A | 7.8 HIGH |
| A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. | |||||