Mozilla Thunderbird < 128.11

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-46 advisory. - Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of...

Mozilla Firefox ESR < 115.24

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.24. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-43 advisory. - A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing t...

Mozilla Firefox ESR < 128.11

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-44 advisory. - Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of...

Mozilla Firefox ESR < 115.24

The version of Firefox ESR installed on the remote Windows host is prior to 115.24. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-43 advisory. - A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder...

Mozilla Firefox < 139.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 139.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-42 advisory. - Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some...

Mozilla Firefox < 139.0

The version of Firefox installed on the remote Windows host is prior to 139.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-42 advisory. - Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these...

Mozilla -- local code execution

[email protected] reports: Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...

CVE-2024-28699

A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy and ImgOutputDev::ImgOutputDev function...

CVE-2024-28951

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free...

CVE-2024-30961

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2btnavigator...

CVE-2024-23774

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges...

CVE-2024-23461

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4...

CVE-2024-37860

Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2amcl process...

CVE-2023-32184

A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...

CVE-2023-46989

SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts function in the productlist.php file...

CVE-2023-41970

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62...

CVE-2023-46587

Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file...

CVE-2023-30695

Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code...

CVE-2023-1577

A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges...

CVE-2023-26912

Cross site scripting XSS vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button...