Lucene search
K

7657 matches found

Slackware Linux
Slackware Linux
added 2023/12/19 9:32 p.m.30 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.6.0-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For mor...

8.8CVSS6.6AI score0.20472EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2023/12/19 9:32 p.m.40 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.6.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

8.8CVSS6.7AI score0.20472EPSS
Exploits0
Snyk
Snyk
added 2023/12/18 7:34 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the currentqueue parameter in the path of the queues endpoint. An attacker can manipulate the output displayed to the user by injecting malicious scripts into the web page. Details Cross-site scripting or XS...

6.3CVSS5.3AI score0.00484EPSS
Exploits1References2
Snyk
Snyk
added 2023/12/18 7:33 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the currentqueue portion of the path on the /queues endpoint. An attacker can manipulate the output of the web page by injecting malicious scripts into the URL path. Details Cross-site scripting or XSS is a...

6.3CVSS5.3AI score0.00514EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/18 12:0 a.m.5 views

PT-2023-31623 · Resque · Resque

Name of the Vulnerable Software and Affected Versions: Resque versions prior to 2.1.0 Description: The issue is related to reflected Cross Site Scripting XSS through the current queue parameter in the path of the queues endpoint. This allows for potential exploitation by manipulating the endpoint...

6.3CVSS5.9AI score0.00484EPSS
Exploits1References13
OSV
OSV
added 2023/12/15 9:15 a.m.3 views

CVE-2023-48387

TAIWAN-CATWCA JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an...

8.8CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.5 views

PT-2023-30811 · Unknown · Jcicsecuritytool

Name of the Vulnerable Software and Affected Versions: JCICSecurityTool affected versions not specified Description: The issue arises from the JCICSecurityTool's failure to check the source website and access locations when executing multiple Registry-related functions. If a user, who has complet...

8.8CVSS7.9AI score0.0103EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.16 views

Microsoft Excel SKP File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.2AI score0.00841EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.20 views

Adobe Illustrator JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J...

7.8CVSS7.1AI score0.00421EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.21 views

Adobe Illustrator JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J...

7.8CVSS7.2AI score0.00462EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.32 views

Adobe Prelude MP4 File Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

3.3CVSS6.4AI score0.00367EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.16 views

Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00367EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.21 views

Microsoft Excel SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.1AI score0.00841EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.4 views

PT-2023-35641 · Fasterxml · Jackson-Dataformat-Xml

Name of the Vulnerable Software and Affected Versions: Jackson Dataformat YAML affected versions not specified Description: A security exception occurs in the Jackson Dataformat YAML library, specifically in the com.fasterxml.jackson.dataformat.yaml.YAMLParser class, when the currentName or...

6.9AI score
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.22 views

Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.9AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2023/12/13 2:15 a.m.4 views

CVE-2023-47577

An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password...

9.8CVSS5.8AI score0.00706EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/13 12:0 a.m.18 views

Microsoft Skype Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

8.8CVSS7.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/13 12:0 a.m.8 views

Microsoft Word SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.2AI score
Exploits0References1
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.4 views

Adobe Substance 3D Designer 缓冲区错误漏洞

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer version 13.0.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the current user's...

7.8CVSS7.7AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.4 views

Adobe After Effects 缓冲区错误漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects, which can be...

7.8CVSS7.2AI score0.00338EPSS
Exploits0References3
Rows per page
Query Builder