CVE-2023-5108

The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-32804

Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory...

CVE-2023-4593

CVE-2023-4593 describes a path traversal vulnerability in BVRP Software SLmail. An authenticated remote user could bypass restrictions and enumerate files/directories outside the web root by manipulating the dodoc parameter in the /MailAdmin_dll.htm (MailAdmin dll.htm) entry, potentially exposing...

Code injection

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965...

AZL-34802 CVE-2023-46813 affecting package hyperv-daemons for versions less than 6.6.29.1-1

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory and th...

DEBIAN-CVE-2023-43786

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

K41072952: BIG-IP Appliance mode external monitor vulnerability CVE-2023-43746

Security Advisory Description When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary...

CVE-2023-33200 Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory...

CVE-2023-32491

Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure...

PT-2023-4325 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds memory access flaw in the do journal end function in the fs/reiserfs/journal.c module of the Linux kernel's reiserfs filesystem. This flaw can ...

CVE-2023-38497

CVE-2023-38497 concerns Cargo and Rust: older Cargo (pre-0.72.2) bundled with Rust pre-1.71.1 did not respect the umask when extracting crate archives, allowing a local-privilege-like impact where a local user could alter source code being compiled and executed by the current user. The issue is m...

CVE-2023-1386

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...

ROS-2-2073

2.2073 Denial of service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...

CVE-2023-28071

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Servi...

PT-2023-21506 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability to modify...

CVE-2023-0976

A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree...

WordPress plugin WooCommerce Order Status Change Notifier 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2023-28357

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...

kernel: Kernel: Denial of Service via memory leak in bnxt_nvm_test()

A flaw was found in the Linux kernel. A local user could exploit a memory leak in the bnxtnvmtest function. This vulnerability, categorized as a memory corruption issue, could lead to a Denial of Service DoS by exhausting system resources...

Trellix Agent < 5.7.9 Multiple Vulnerabilities (SB10396)

The version of Trellix Agent, formerly McAfee Agent or McAfee Policy Orchestrator ePO Agent, installed on the remote host is prior to 5.7.9. It is, therefore, affected by multiple vulnerabilities: - A vulnerability exists in TA for Windows 5.7.8 and earlier, which allows local users, during...