Lucene search
+L

419 matches found

attackerkb
attackerkb
added 2025/08/05 8:3 p.m.5 views

CVE-2012-10032

Maxthon3 version 3.2.2 build 1000 and prior are vulnerable to cross context scripting XCS via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification o...

8.7CVSS6.1AI score0.00883EPSS
Exploits0References6
alpinelinux
alpinelinux
added 2025/07/04 12:0 a.m.4 views

CVE-2025-49809

mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...

7.8CVSS7.2AI score0.00142EPSS
Exploits0
cnnvd
cnnvd
added 2024/11/12 12:0 a.m.3 views

Fortinet FortiClient 安全漏洞

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet...

8.8CVSS6.6AI score0.00219EPSS
Exploits0References2
nvd
nvd
added 2024/09/20 5:15 p.m.20 views

CVE-2024-45489

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...

9.8CVSS0.01238EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/09/20 12:0 a.m.11 views

CVE-2024-45489

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...

9.7AI score0.01238EPSS
Exploits0References3
cvelist
cvelist
added 2024/09/20 12:0 a.m.21 views

CVE-2024-45489

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...

0.01238EPSS
Exploits0References3
osv
osv
added 2024/04/12 11:7 a.m.4 views

OESA-2024-1369 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have...

8.8CVSS8.4AI score0.26709EPSS
Exploits0References2
huntr
huntr
added 2023/08/14 11:2 a.m.16 views

Stored XSS via user's Username

Description The application allows creating users with Username containing Malicious HTML/Javascript that can be executed in the users’ privileged context during the user editing process or visiting a phishing link. Proof of Concept Step 1: A privileged user creates a normal user account with...

6.3AI score
Exploits0References1
xen
xen
added 2023/08/08 5:0 p.m.56 views

x86/Intel: Gather Data Sampling

ISSUE DESCRIPTION A researcher has discovered Gather Data Sampling, a transient execution side-channel whereby the AVX GATHER instructions can forward the content of stale vector registers to dependent instructions. The physical register file is a structure competitively shared between sibling...

6.5CVSS6.8AI score0.03882EPSS
Exploits1
xen
xen
added 2023/07/24 4:3 p.m.51 views

x86/AMD: Zenbleed

ISSUE DESCRIPTION Researchers at Google have discovered Zenbleed, a hardware bug causing corruption of the vector registers. When a VZEROUPPER instruction is discarded as part of a bad transient execution path, its effect on internal tracking are not unwound correctly. This manifests as the wrong...

5.5CVSS6.7AI score0.05794EPSS
Exploits1
susecve
susecve
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-4203

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark...

6.8CVSS8.9AI score0.03263EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 5:30 a.m.5 views

SUSE CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page f...

8.8CVSS8.8AI score0.03749EPSS
Exploits1References10
susecve
susecve
added 2023/02/15 4:57 a.m.1 views

SUSE CVE-2016-7644

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service...

9.3CVSS6.9AI score0.0676EPSS
Exploits5References3
nvd
nvd
added 2022/12/22 8:15 p.m.22 views

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

8.8CVSS0.26709EPSS
Exploits0References2
osv
osv
added 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

8.8CVSS8.5AI score0.26709EPSS
Exploits0References1
debiancve
debiancve
added 2022/12/22 12:0 a.m.63 views

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

8.8CVSS8.8AI score0.26709EPSS
Exploits0
alpinelinux
alpinelinux
added 2022/12/22 12:0 a.m.65 views

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

8.8CVSS8.2AI score0.26709EPSS
Exploits0
nessus
nessus
added 2022/12/15 12:0 a.m.21 views

Zoom Client for Meetings < 5.3.0 Vulnerability (ZSB-21003)

The version of Zoom Client for Meetings installed on the remote host is prior to 5.3.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-21003 advisory. - The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate...

10CVSS9.1AI score0.0302EPSS
Exploits0References2
cnvd
cnvd
added 2022/10/25 12:0 a.m.24 views

Dell PowerScale OneFS has an unspecified vulnerability (CNVD-2023-12629)

Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS has a security vulnerability that stems from the inclusion of a privileged context switch error, which could be exploited by an attacker to compromise the entire system...

6.7CVSS4.6AI score0.0017EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/10/21 12:0 a.m.6 views

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS has a security vulnerability that stems from the inclusion of a privileged context switch error, which could be exploited by an attacker to compromise the entire system...

6.7CVSS6.5AI score0.0017EPSS
Exploits0References2
Rows per page
Query Builder