Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29871 2 Intel, Intel Csme Software Installer 432 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 429 more 2025-02-13 6.7 Medium
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-28735 2 Gnu, Redhat 4 Grub2, Enterprise Linux, Rhel E4s and 1 more 2025-02-13 6.7 Medium
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
CVE-2022-23824 3 Amd, Fedoraproject, Xen 336 A10-9600p, A10-9600p Firmware, A10-9630p and 333 more 2025-02-13 5.5 Medium
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVE-2022-21628 5 Azul, Fedoraproject, Netapp and 2 more 20 Zulu, Fedora, 7-mode Transition Tool and 17 more 2025-02-13 5.3 Medium
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-0812 1 Linux 1 Linux Kernel 2025-02-13 4.3 Medium
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
CVE-2021-4324 1 Google 1 Chrome 2025-02-13 6.5 Medium
Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)
CVE-2021-4323 1 Google 1 Chrome 2025-02-13 6.5 Medium
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2021-4321 1 Google 1 Chrome 2025-02-13 4.3 Medium
Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2021-4318 1 Google 1 Chrome 2025-02-13 8.8 High
Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2021-4316 1 Google 1 Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)
CVE-2021-28446 1 Microsoft 18 Windows 10, Windows 10 1607, Windows 10 1809 and 15 more 2025-02-13 7.1 High
Windows Portmapping Information Disclosure Vulnerability
CVE-2021-27576 1 Apache 1 Openmeetings 2025-02-13 7.5 High
If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0
CVE-2021-26919 1 Apache 1 Druid 2025-02-13 8.8 High
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2
CVE-2021-25646 1 Apache 1 Druid 2025-02-13 8.8 High
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
CVE-2021-25329 4 Apache, Debian, Oracle and 1 more 15 Tomcat, Debian Linux, Agile Plm and 12 more 2025-02-13 7.0 High
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
CVE-2020-17526 1 Apache 1 Airflow 2025-02-13 7.7 High
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
CVE-2020-13936 4 Apache, Debian, Oracle and 1 more 22 Velocity Engine, Wss4j, Debian Linux and 19 more 2025-02-13 8.8 High
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
CVE-2019-4036 1 Ibm 1 Security Access Manager 2025-02-13 7.5 High
IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159.
CVE-2023-28342 1 Zohocorp 1 Manageengine Adselfservice Plus 2025-02-13 7.5 High
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.
CVE-2024-36857 2 Homebrew, Janhq 2 Jan, Jan 2025-02-13 7.5 High
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.