7822 matches found
CVE-2023-27325 Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...
CVE-2023-27324 Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...
CVE-2023-27324
CVE-2023-27324 affects Parallels Desktop Updater on macOS. The Updater service suffers from improper initialization of environment variables, enabling a local attacker to escalate privileges to root by executing low-privileged code on the target host. Documents consistently identify the impact as...
CVE-2023-27322
CVE-2023-27322 affects Parallels Desktop Service, with a local privilege escalation caused by improper initialization of environment variables in the Parallels Service. The vulnerability enables a local attacker who already has low-privilege code execution access to escalate to root and execute a...
CVE-2023-27322 Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability
Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host...
PDF-XChange Editor Security Vulnerability
PDF-XChange Editor is a PDF file viewing software from PDF-XChange, Inc. that runs on Microsoft Windows systems. A security vulnerability exists in PDF-XChange Editor, which originates from a PDF File Parsing Uninitialized Variable Information Disclosure vulnerability...
PT-2024-25678 · Unknown · Pterodactyl
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.6. Description: Importing a malicious egg or gaining access to a wings instance could lead to cross-site scripting (XSS) on the panel, potentially allowing an attacker to gain an administrator account. The...
CVE-2024-33436
An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS variables...
grub2: out-of-bounds read at fs/ntfs.c
An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...
CVE-2024-33436
CVE-2024-33436 affects CSS Exfil Protection v1.1.0. All connected sources describe an issue where missing support for CSS variables enables a remote attacker to obtain sensitive information. The vulnerability is documented across NVD, Red Hat, CNNVD, CVE.org, and related feeds. Technical specific...
RHEL 7 : qemu-kvm-rhev (RHSA-2019:2425)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2425 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...
vyper performs incorrect topic logging in raw_log
Summary: Incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log were found at all in production; it is apparently not ...
GHSA-C3WV-QMJJ-45R6 Information disclosure in podman
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into...
Information disclosure in podman
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into...
nodejs: code injection and privilege escalation through Linux capabilities
A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...