849 matches found
CVE-2023-31017
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
Design/Logic Flaw
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
CVE-2023-31017 CVE
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
CVE-2023-31017 CVE
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
CVE-2023-31017
CVE-2023-31017 : NVIDIA GPU Display Driver for Windows contains a vulnerability that allows an attacker to write arbitrary data to privileged locations via reparse points, potentially enabling code execution, DoS, privilege escalation, information disclosure, or data tampering. Public documentati...
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...
CVE-2023-5725
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1...
Medium: bluez
Issue Overview: An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in...
Sql injection
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database including the user table. This issue may lead to Information Disclosur...
CVE-2023-44124
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
Design/Logic Flaw
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
CVE-2023-42450
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
Mastodon Code Issue Vulnerability
Mastodon is an open source social network server based on ActivityPub. A code issue vulnerability exists in Mastodon versions 4.2.0-beta1 through 4.2.0-rc2, which can be exploited by an attacker to inject arbitrary data into HTTP requests sent by Mastodon by crafting specific inputs...
Ivanti Avalanche MDM Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche MDM Buffer Overflow', 'Description' = %q This module exploits a buffer overflow condition in Ivanti Avalanche MDM versions befor...
CVE-2021-40698
ColdFusion version 2021 update 1 and earlier and versions 2018.10 and earlier are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on...
Security feature bypass
ColdFusion version 2021 update 1 and earlier and versions 2018.10 and earlier are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on...
CVE-2021-40698 ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass
ColdFusion version 2021 update 1 and earlier and versions 2018.10 and earlier are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on...
CVE-2021-40698 ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass
ColdFusion version 2021 update 1 and earlier and versions 2018.10 and earlier are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on...
CVE-2023-30711
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider...