832 matches found

RedHat Linux
added 2025/05/05 10:13 a.m. | 4 views

firefox: thunderbird: Privilege escalation in Firefox Updater

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...

CVSS 8.8 | AI score 7.4 | EPSS 0.00538
Exploits 0 | References 10

SUSE CVE
added 2025/04/30 3:18 a.m. | 2 views

SUSE CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVSS 7.8 | AI score 7.3 | EPSS 0.00538
Exploits 0 | References 14

Tenable Nessus
added 2025/04/29 12:0 a.m. | 25 views

Mozilla Firefox ESR < 128.10

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-29 advisory. - Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memo...

CVSS 9.1 | AI score 8.1 | EPSS 0.00538
Exploits 0 | References 8

Tenable Nessus
added 2025/04/29 12:0 a.m. | 5 views

Mozilla Firefox ESR < 115.23

The version of Firefox ESR installed on the remote Windows host is prior to 115.23. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-30 advisory. - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allo...

CVSS 9.1 | AI score 8.2 | EPSS 0.00538
Exploits 0 | References 5

Packet Storm News
added 2025/04/17 12:0 a.m. | 6 views

EXAM: Exploiting Exclusive System-Level Cache in Apple M-Series SoCs for Enhanced Cache Occupancy Attacks

Cache occupancy attacks exploit the shared nature of cache hierarchies to infer a victim's activities by monitoring overall cache usage, unlike access-driven cache attacks that focus on specific cache lines or sets. There exists some prior work that targets the last-level cache (LLC) of Intel...

AI score 6.7
Exploits 0

Packet Storm News
added 2025/04/15 12:0 a.m. | 2 views

Cybersecurity through Entropy Injection: a Paradigm Shift from Reactive Defense to Proactive Uncertainty

Cybersecurity often hinges on unpredictability, with a system's defenses being strongest when sensitive values and behaviors cannot be anticipated by attackers. This paper explores the concept of entropy injection - deliberately infusing randomness into security mechanisms to increase...

AI score 7.1
Exploits 0

BDU FSTEC
added 2025/04/14 12:0 a.m. | 5 views

The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App, related to errors in processing input data, allows a malicious actor to elevate their privileges to the system level.

The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to errors in processing input data. Exploiting this vulnerability can allow attackers to elevate their privileges to the system level...

CVSS 5.9 | AI score 5.5 | EPSS 0.0015
Exploits 0 | References 2 | Affected Software 1

RedhatCVE
added 2025/03/14 10:26 p.m. | 16 views

CVE-2025-1984

Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access...

CVSS 5.2 | AI score 7 | EPSS 0.00129
Exploits 0 | References 3

BDU FSTEC
added 2025/03/13 12:0 a.m. | 5 views

The vulnerability of the Windows Core Messaging component in Windows operating systems allows a perpetrator to elevate their privileges to the system level.

The vulnerability of the Windows Core Messaging component in Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to the system level...

CVSS 7.5 | AI score 5.7 | EPSS 0.00605
Exploits 0 | References 2

BDU FSTEC
added 2025/03/13 12:0 a.m. | 5 views

The vulnerability of the Azure Agent for Backup software, which is responsible for data backup, and the Azure Agent for Site Recovery software, which handles replication and disaster recovery, allows a malicious individual to elevate their privileges to the system level.

The vulnerability of the Azure Agent for Backup software, as well as the Azure Agent for Site Recovery software, relates to insecure privilege management. Exploiting this vulnerability could allow an attacker to elevate their privileges to the system level...

CVSS 6.7 | AI score 7.5 | EPSS 0.00418
Exploits 0 | References 2

NVD
added 2025/03/12 4:15 p.m. | 8 views

CVE-2025-1984

Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access...

CVSS 5.2 | EPSS 0.00129
Exploits 0 | References 1

Vulnrichment
added 2025/03/12 3:27 p.m. | 4 views

CVE-2025-1984 Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5

Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access...

CVSS 5.2 | AI score 7.1 | EPSS 0.00129
Exploits 0 | References 1

Cvelist
added 2025/03/12 3:27 p.m. | 14 views

CVE-2025-1984 Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5

Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access...

CVSS 5.2 | EPSS 0.00129
Exploits 0 | References 1

BDU FSTEC
added 2025/03/12 12:0 a.m. | 6 views

The vulnerability of Microsoft Cross-Device operating system services allows attackers to elevate their privileges to the system level.

The vulnerability of Microsoft Cross-Device operating system services is related to access control errors. Exploiting this vulnerability can allow attackers to elevate their privileges to the system level...

CVSS 7.3 | AI score 7.2 | EPSS 0.01165
Exploits 0 | References 3

Positive Technologies
added 2025/03/11 12:0 a.m. | 4 views

PT-2025-10819

Name of the Vulnerable Software and Affected Versions: Microsoft Windows 11 version 22H2; Microsoft Windows versions prior to 10.0.22621.0. Description: An improper access control issue exists within the Windows Cross Device Service. This allows an authorized attacker to gain elevated privileges...

CVSS 7.3 | AI score 7.4 | EPSS 0.03035
Exploits 3 | References 37

Tenable Nessus
added 2025/03/01 12:0 a.m. | 23 views

SUSE SLES15 / openSUSE 15 Security Update : azure-cli (SUSE-SU-2025:0751-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0751-1 advisory. - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certa...

CVSS 9.1 | AI score 5.5 | EPSS 0.01609
Exploits 0 | References 4

RedhatCVE
added 2025/02/14 11:43 a.m. | 11 views

CVE-2024-29737

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVSS 8.8 | AI score 7.5 | EPSS 0.01117
Exploits 0 | References 1

Positive Technologies
added 2025/02/11 12:0 a.m. | 10 views

PT-2025-6327

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability in Windows Storage. It allows an attacker to elevate their privileges to the level of SYSTEM and delete targeted file...

CVSS 7.1 | AI score 9 | EPSS 0.02143
Exploits 0 | References 85

RedhatCVE
added 2025/02/08 4:34 a.m. | 12 views

CVE-2024-48394

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software...

CVSS 7.8 | AI score 6.9 | EPSS 0.00128
Exploits 0 | References 1

Vulnrichment
added 2025/02/05 12:0 a.m. | 6 views

CVE-2024-48394

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software...

AI score 7.7 | EPSS 0.00128
Exploits 0 | References 1