Lucene search
+L

321 matches found

veracode
veracode
added 2023/11/02 7:56 a.m.16 views

Remote Code Execution (RCE)

dolibarr/dolibarr is vulnerable to Remote Code Execution. This vulnerability exists in the dolKeepOnlyPhpCode function in website.lib.php due to improper user inputs validation, allowing an attacker to inject and execute arbitrary PHP code in the system...

8.8CVSS8.1AI score0.32845EPSS
Exploits0References3Affected Software1
ubuntu
ubuntu
added 2023/10/31 2:47 p.m.64 views

USN-6463-1: Open VM Tools vulnerabilities

It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. CVE-2023-34058 Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...

7.5CVSS6.5AI score0.00672EPSS
Exploits0
redhatcve
redhatcve
added 2023/10/30 1:43 p.m.55 views

CVE-2023-34059

A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...

7.4CVSS7.1AI score0.00402EPSS
Exploits0References3
veracode
veracode
added 2023/10/29 1:25 p.m.167 views

Privilege Escalation

open-vm-tools is vulnerable to Privilege Escalation. The vulnerability is a file descriptor hijack within the vmware-user-suid-wrapper allowing a malicious attacker to simulate user inputs...

7.4CVSS7AI score0.00402EPSS
Exploits0References12Affected Software1
nvd
nvd
added 2023/10/27 5:15 a.m.34 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4CVSS7.4AI score0.00402EPSS
Exploits0References11
cvelist
cvelist
added 2023/10/27 4:53 a.m.44 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4CVSS7.7AI score0.00402EPSS
Exploits0References10
vulnrichment
vulnrichment
added 2023/10/27 4:53 a.m.7 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4CVSS7AI score0.00402EPSS
Exploits0References10
osv
osv
added 2023/10/27 4:53 a.m.23 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4CVSS6.9AI score0.00402EPSS
Exploits0References13
debiancve
debiancve
added 2023/10/27 4:53 a.m.33 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4CVSS6.5AI score0.00402EPSS
Exploits0
ubuntucve
ubuntucve
added 2023/10/26 12:0 a.m.43 views

CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...

7.4CVSS6.8AI score0.00402EPSS
Exploits0References4
veracode
veracode
added 2023/10/09 12:23 p.m.25 views

Denial Of Service (DoS)

libpoppler.so is vulnerable to Denial of Service DoS. The vulnerability exists in the readXRefTable function in XRef.cc because it does not properly validate the user-inputs, which allows an attacker to cause an application crash...

7.5CVSS6.7AI score0.00891EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2023/10/04 12:29 p.m.17 views

CVE-2023-4495 Easy Chat Server XSS vulnerability

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Resume parameter. The XSS is loaded from /register.ghp...

6.1CVSS5.1AI score0.0037EPSS
Exploits1References1
veracode
veracode
added 2023/10/02 8:14 p.m.28 views

Code Injection

edge is vulnerable to Code Injection. The vulnerability exists because the library does not properly validate user inputs script allowing an attacker to inject and execute malicious code...

9.8CVSS7.2AI score0.01424EPSS
Exploits0References7Affected Software1
veracode
veracode
added 2023/08/25 1:46 p.m.17 views

Use After Free

Dpic is vulnerable to Use After Free. This vulnerability exists in the 'thedeletestringbox' function of 'dpic.y' due to the lack of validation of user inputs, which allows an attacker to exploit it through the use of maliciously crafted input...

9.8CVSS6.8AI score0.00634EPSS
Exploits0References2Affected Software1
veracode
veracode
added 2023/08/25 8:17 a.m.12 views

Cross-site Scripting (XSS)

silverstripe/admin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the tinymce.js due to lack of sanitization of user inputs during editing which allows an attacker to inject and execute arbitrary JavaScript into a victims browser...

6.7AI score
Exploits0
veracode
veracode
added 2023/08/22 10:33 a.m.20 views

Cross-site Scripting (XSS)

cockpit-hq/cockpit is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the index.php due to lack of sanitization of user inputs during installation which allows an attacker to inject and execute arbitrary javascript into a victims browser...

6.1CVSS6.8AI score0.02287EPSS
Exploits1References4Affected Software1
veracode
veracode
added 2023/08/06 9:32 a.m.19 views

Cross-Site Scripting (XSS)

gitlab is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape user inputs before it output to the front end when creating new abuse reports, allowing an attacker to inject and execute malicious javascript on victim's browser...

6.1CVSS6.1AI score0.00612EPSS
Exploits0References4Affected Software1
prion
prion
added 2023/06/22 12:15 p.m.24 views

Cross site scripting

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...

4.9CVSS5.6AI score0.00349EPSS
Exploits0References2Affected Software1
veracode
veracode
added 2023/05/30 10:3 a.m.19 views

Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly sanitize user inputs before it outputs to the front end, allowing an attacker to inject and execute malicious javascript through the reviewSession function in AssetIndexer.ts...

5.5CVSS6AI score0.00653EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2023/05/21 6:32 a.m.35 views

Remote Code Execution (RCE)

umbracocms is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied user inputs via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx allows an attacker to upload and execute malicious code on the system...

7.2CVSS7.9AI score0.0412EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder