CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Veracode•added 2023/08/06 10:4 p.m.•23 views

Use-After-Free

firefox is vulnerable to Use-After-Free. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website or by opening a malicious attachment. If the user is using a vulnerable version of Firefox, the attacker could execute arbitrary code on the user's system. Th...

8.8CVSS7.7AI score0.00496EPSS

Exploits0References4Affected Software2

CISA•added 2023/08/02 12:0 p.m.•3 views

Mozilla Releases Security Updates for Multiple Products

Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrato...

7.3AI score

Exploits0References5

UbuntuCve•added 2023/07/13 9:15 a.m.•21 views

CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles Admin and Superadmin. Administrative privileges should be typically granted ...

5.9CVSS6AI score0.00992EPSS

Exploits0References2

CISA•added 2023/07/11 12:0 p.m.•4 views

Mozilla Releases Security Update for Firefox and Firefox ESR

Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisory MFSA 2023-26link is external and apply the...

7.3AI score

RedHat Linux•added 2023/06/05 6:54 p.m.•6 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Prion•added 2023/05/31 5:15 a.m.•16 views

Command injection

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the...

7.5CVSS9.8AI score0.01478EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/05/22 7:22 a.m.•7 views

CVE-2022-0010 QCS 800xA Vulnerability identified in system log files

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...

7.8CVSS7.1AI score0.00227EPSS

RedHat Linux•added 2023/05/09 10:4 a.m.•1 views

kernel: tcp: Fix data-races around sysctl_tcp_l3mdev_accept.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpl3mdevaccept. While reading sysctltcpl3mdevaccept, it can be changed concurrently. Thus, we need to add READONCE to its readers...

4.7CVSS6.3AI score0.00188EPSS

Exploits0References5

RedHat Linux•added 2023/04/18 2:5 p.m.•2 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

RedHat Linux•added 2023/04/04 9:8 a.m.•0 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

BDU FSTEC•added 2023/03/30 12:0 a.m.•4 views

The vulnerability of the ML lifecycle management platform, related to an incorrect restriction on the path name for the restricted access catalog, allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or obtain full control over the system.

The vulnerability of the ML lifecycle management platform is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information, execute arbitrary code, or gain full contr...

10CVSS8AI score0.69468EPSS

Exploits2References3Affected Software1

CNNVD•added 2023/03/27 12:0 a.m.•4 views

HGiga PowerStation 信息泄露漏洞

HGiga PowerStation is a network load balancing system from HGiga Technology HGiga, a Chinese company. An information disclosure vulnerability exists in HGiga PowerStation versions prior to x64.6.2.165, which stems from the presence of an information disclosure. An attacker can exploit this...

9.8CVSS8.5AI score0.011EPSS

Exploits0References2

Cvelist•added 2023/03/14 12:0 a.m.•12 views

CVE-2023-26511

A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system...

9.8AI score0.00894EPSS

The Hacker News•added 2023/03/09 2:54 p.m.•59 views

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center ASEC, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on...

1.4AI score

Exploits0

RedHat Linux•added 2023/03/07 1:17 p.m.•3 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

RedHat Linux•added 2023/03/07 10:4 a.m.•3 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

RedHat Linux•added 2023/03/07 9:58 a.m.•2 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces