7654 matches found

Slackware Linux
added 2023/06/06 8:30 p.m., 24 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-102.12.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

CVSS 9.8, AI score 7, EPSS 0.0093
Exploits 0

OSV
added 2023/06/06 5:15 p.m., 2 views

CVE-2023-27916

The affected application lacks proper validation of user-supplied data when parsing font files e.g., FNT. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.4
Exploits 0, References 1

NVD
added 2023/06/06 5:15 p.m., 21 views

CVE-2023-28653

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.8, EPSS 0.00238
Exploits 0, References 1

NVD
added 2023/06/06 5:15 p.m., 9 views

CVE-2023-27916

The affected application lacks proper validation of user-supplied data when parsing font files e.g., FNT. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.8, EPSS 0.00227
Exploits 0, References 1

Prion
added 2023/06/06 5:15 p.m., 18 views

Type confusion

The affected application lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process...

CVSS 4.4, AI score 7.7, EPSS 0.00227
Exploits 0, References 1, Affected Software 2

Prion
added 2023/06/06 5:15 p.m., 14 views

Stack overflow

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 4.4, AI score 7.8, EPSS 0.0023
Exploits 0, References 1, Affected Software 2

Cvelist
added 2023/06/06 4:42 p.m., 23 views

CVE-2023-28653

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 8, EPSS 0.00238
Exploits 0, References 1

Cvelist
added 2023/06/06 4:37 p.m., 27 views

CVE-2023-29503

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 8, EPSS 0.0023
Exploits 0, References 1

Cvelist
added 2023/06/06 3:15 p.m., 18 views

CVE-2023-32281

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.9, EPSS 0.00227
Exploits 0, References 1

RedHat Linux
added 2023/06/06 8:50 a.m., 3 views

kernel: KVM: VMX: Fix crash due to uninitialized current_vmcs

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized current_vmcs KVM enables 'Enlightened VMCS' and 'Enlightened MSR Bitmap' when running as a nested hypervisor on top of Hyper-V. When MSR bitmap is updated, evmcs_touch_msr_bitmap function uses...

AI score 5.6, EPSS 0.0016
Exploits 0, References 5

The Hacker News
added 2023/06/05 11:55 a.m., 35 views

The Annual Report: 2024 Plans and Priorities for SaaS Security

Over 55% of security executives report that they have experienced a SaaS security incident in the past two years — ranging from data leaks and data breaches to SaaS ransomware and malicious apps as seen in figures 1 and 2. --- Figure 1. How many organizations have experienced a SaaS security...

AI score 6.5
Exploits 0

Slackware Linux
added 2023/06/02 9:06 p.m., 52 views

[slackware-security] ntp

New ntp packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ntp-4.2.8p16-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues. For more information, see:...

CVSS 6.4, AI score 7, EPSS 0.00703
Exploits 0

OSV
added 2023/06/02 5:15 p.m., 2 views

CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerabilit...

CVSS 6.5, AI score 5.8, EPSS 0.00798
Exploits 0, References 4

UbuntuCve
added 2023/06/02 5:15 p.m., 43 views

CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerabilit...

CVSS 6.5, AI score 6.7, EPSS 0.00798
Exploits 0, References 3

Debian CVE
added 2023/06/02 12:00 a.m., 33 views

CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerabilit...

CVSS 6.5, AI score 8.1, EPSS 0.00798
Exploits 0

Zero Day Initiative
added 2023/06/01 12:00 a.m., 14 views

Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 6.8, EPSS 0.00347
Exploits 0, References 1

Zero Day Initiative
added 2023/06/01 12:00 a.m., 11 views

Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 6.8, EPSS 0.00347
Exploits 0, References 1

Zero Day Initiative
added 2023/06/01 12:00 a.m., 13 views

Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 6.8, EPSS 0.00347
Exploits 0, References 1

Zero Day Initiative
added 2023/06/01 12:00 a.m., 14 views

Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 6.8, EPSS 0.00347
Exploits 0, References 1

Zero Day Initiative
added 2023/06/01 12:00 a.m., 19 views

Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 6.8, EPSS 0.00347
Exploits 0, References 1