832 matches found
firefox: thunderbird: Privilege escalation in Firefox Updater
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...
SUSE CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...
Mozilla Firefox ESR < 128.10
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-29 advisory. - Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memo...
Mozilla Firefox ESR < 115.23
The version of Firefox ESR installed on the remote Windows host is prior to 115.23. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-30 advisory. - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allo...
EXAM: Exploiting Exclusive System-Level Cache in Apple M-Series SoCs for Enhanced Cache Occupancy Attacks
Cache occupancy attacks exploit the shared nature of cache hierarchies to infer a victim's activities by monitoring overall cache usage, unlike access-driven cache attacks that focus on specific cache lines or sets. There exists some prior work that target the last-level cache LLC of Intel...
Cybersecurity through Entropy Injection: a Paradigm Shift from Reactive Defense to Proactive Uncertainty
Cybersecurity often hinges on unpredictability, with a system's defenses being strongest when sensitive values and behaviors cannot be anticipated by attackers. This paper explores the concept of entropy injection-deliberately infusing randomness into security mechanisms to increase...
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App, related to errors in processing input data, allows a malicious actor to elevate their privileges to a system-level level.
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to errors in processing input data. Exploiting this vulnerability can allow attackers to elevate their privileges to a system-level level...
CVE-2025-1984
Xerox Desktop Print Experience application contains a Local Privilege Escalation LPE vulnerability, which allows a low-privileged user to gain SYSTEM-level access...
The vulnerability of the Windows Core Messaging component in Windows operating systems allows a perpetrator to elevate their privileges to a system-level level.
The vulnerability of the Windows Core Messaging component in Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level...
The vulnerability of the Azure Agent for Backup software, which is responsible for data backup, and the Azure Agent for Site Recovery software, which handles replication and disaster recovery, allows a malicious individual to elevate their privileges to a system-level level.
The vulnerability of the Azure Agent for Backup software, as well as the Azure Agent for Site Recovery software, relates to insecure privilege management. Exploiting this vulnerability could allow an attacker to elevate their privileges to a system-level level...
CVE-2025-1984
Xerox Desktop Print Experience application contains a Local Privilege Escalation LPE vulnerability, which allows a low-privileged user to gain SYSTEM-level access...
CVE-2025-1984 Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5
Xerox Desktop Print Experience application contains a Local Privilege Escalation LPE vulnerability, which allows a low-privileged user to gain SYSTEM-level access...
CVE-2025-1984 Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5
Xerox Desktop Print Experience application contains a Local Privilege Escalation LPE vulnerability, which allows a low-privileged user to gain SYSTEM-level access...
The vulnerability of Microsoft Cross-Device operating system services allows attackers to elevate their privileges to a system-level level.
The vulnerability of Microsoft Cross-Device operating system services is related to access control errors. Exploiting this vulnerability can allow attackers to elevate their privileges to a system-level level...
PT-2025-10819
Name of the Vulnerable Software and Affected Versions Microsoft Windows 11 version 22H2 Microsoft Windows versions prior to 10.0.22621.0 Description An improper access control issue exists within the Windows Cross Device Service. This allows an authorized attacker to gain elevated privileges...
SUSE SLES15 / openSUSE 15 Security Update : azure-cli (SUSE-SU-2025:0751-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0751-1 advisory. - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certa...
CVE-2024-29737
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
PT-2025-6327
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description The issue is related to an elevation of privilege vulnerability in Windows Storage. It allows an attacker to elevate their privileges to the level of SYSTEM and delete targeted file...
CVE-2024-48394
A Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software...
CVE-2024-48394
A Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software...