Vulnerabilities (CVE)

Filtered by CWE-226
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-41138 1 Appsanywhere 1 Appsanywhere Client 2024-11-21 N/A 7.5 HIGH
The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.
CVE-2024-21850 2024-11-15 N/A 6.0 MEDIUM
Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-7883 2024-11-01 N/A 3.7 LOW
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.
CVE-2024-38275 2024-07-03 N/A 7.5 HIGH
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
CVE-2024-32036 2024-04-16 N/A 5.3 MEDIUM
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.