1070 matches found
CVE-2023-6381 Improper input validation in Newsletter Software SuperMailer
Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file file with SMB extension to a user via a link or email attachment and persuade the user to open the file...
CVE-2023-42557
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code...
CVE-2023-42557
The CVE-2023-42557 issue affects libIfaaCa prior to Samsung SMR Dec-2023 Release 1. It is described as an out-of-bounds write that enables local attackers to execute arbitrary code. Affected software/component: libIfaaCa; root cause: out-of-bounds write; impact: local code execution with HIGH con...
CVE-2023-32855
In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204...
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...
CVE-2023-34043
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...
CVE-2023-34043
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'...
Remote Code Execution (RCE)
Firefox is vulnerable to Remote Code Execution. The vulnerability is due to a lack of validation when creating shortcuts, which could allow an attacker to trick a user into create a shortcut that points to local system files...
CVE-2023-37203
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...
Input validation
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...
CVE-2023-37203
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...
CVE-2023-37203
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox 115...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an input validation error vulnerability that stems from insufficient validation of the drag-and-drop API in combination with social engineering, which can be exploited by a...
Mozilla Firefox Security Advisories (MFSA2023-22, MFSA2023-24) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2023-35799
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges...
CVE-2023-35799
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges...
Code injection
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges...
CVE-2023-35799
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges...
CVE-2023-35799
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges...
CVE-2023-35799
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges...