Show filters
469 Total Results
Displaying 161-170 of 469
Sort by:
Attacker Value
Unknown
CVE-2023-39677
Disclosure Date: September 20, 2023 (last updated February 25, 2025)
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
0
Attacker Value
Unknown
CVE-2023-41902
Disclosure Date: September 20, 2023 (last updated February 25, 2025)
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.
0
Attacker Value
Unknown
CVE-2023-4806
Disclosure Date: September 18, 2023 (last updated February 25, 2025)
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
0
Attacker Value
Unknown
CVE-2023-4527
Disclosure Date: September 18, 2023 (last updated February 25, 2025)
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
0
Attacker Value
Unknown
CVE-2023-38163
Disclosure Date: September 12, 2023 (last updated January 11, 2025)
Windows Defender Attack Surface Reduction Security Feature Bypass
0
Attacker Value
Unknown
CVE-2020-24088
Disclosure Date: September 11, 2023 (last updated October 08, 2023)
An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.
0
Attacker Value
Unknown
CVE-2023-3899
Disclosure Date: August 23, 2023 (last updated February 25, 2025)
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
0
Attacker Value
Unknown
CVE-2023-28690
Disclosure Date: August 17, 2023 (last updated February 25, 2025)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.5 versions.
0
Attacker Value
Unknown
CVE-2023-22841
Disclosure Date: August 11, 2023 (last updated February 25, 2025)
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
0
Attacker Value
Unknown
CVE-2023-28830
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.
0