Search Results (992 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-55198 1 Helm 1 Helm 2025-08-21 6.5 Medium
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.
CVE-2021-34999 1 Openbsd 1 Openbsd 2025-08-14 5.5 Medium
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-14540.
CVE-2021-35000 1 Openbsd 1 Openbsd 2025-08-14 N/A
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-16112.
CVE-2025-52575 1 Espocrm 1 Espocrm 2025-08-05 6.5 Medium
EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard characters (e.g., *). This may allow the attacker to bypass authentication controls, enumerate valid usernames, or retrieve sensitive directory information depending on the LDAP server configuration. This was fixed in version 9.1.7.
CVE-2025-26803 1 Phusion 1 Passenger 2025-07-13 5.3 Medium
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
CVE-2024-11364 2 Microsoft, Rockwellautomation 2 Windows, Arena 2025-07-11 7.3 High
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVE-2018-9378 1 Google 1 Android 2025-07-10 6.2 Medium
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-24941 1 Microsoft 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more 2025-07-10 9.8 Critical
Windows Network File System Remote Code Execution Vulnerability
CVE-2024-38122 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 5.5 Medium
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2024-38118 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 5.5 Medium
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2025-4573 1 Mattermost 2 Mattermost, Mattermost Server 2025-07-08 4.1 Medium
Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute.
CVE-2024-49029 1 Microsoft 4 365 Apps, Excel, Office and 1 more 2025-07-08 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-36022 1 Redhat 1 Enterprise Linux 2025-06-19 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-43845 1 Linux 1 Linux Kernel 2025-06-19 3.3 Low
In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation.
CVE-2022-50018 2025-06-18 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-31025 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2025-06-17 6.5 Medium
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2023-5138 1 Silabs 1 Gecko Software Development Kit 2025-06-03 6.8 Medium
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
CVE-2023-42797 1 Siemens 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more 2025-06-03 6.6 Medium
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.
CVE-2023-32213 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-05-27 8.8 High
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2024-54852 1 Sismics 1 Teedy 2025-05-24 9.8 Critical
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.