469 Total Results
Displaying 71-80 of 469
Attacker Value
Unknown

CVE-2024-9675

Disclosure Date: October 09, 2024 (last updated March 13, 2025)
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
Attacker Value
Unknown

CVE-2024-44042

Disclosure Date: October 06, 2024 (last updated February 28, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1.
Attacker Value
Unknown

CVE-2024-9345

Disclosure Date: October 04, 2024 (last updated February 26, 2025)
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present.
Attacker Value
Unknown

CVE-2024-9407

Disclosure Date: October 01, 2024 (last updated February 26, 2025)
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
Attacker Value
Unknown

CVE-2024-9355

Disclosure Date: October 01, 2024 (last updated March 05, 2025)
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Attacker Value
Unknown

CVE-2024-45770

Disclosure Date: September 19, 2024 (last updated February 26, 2025)
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
Attacker Value
Unknown

CVE-2024-45769

Disclosure Date: September 19, 2024 (last updated February 26, 2025)
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
Attacker Value
Unknown

CVE-2024-23599

Disclosure Date: September 16, 2024 (last updated February 26, 2025)
Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access.
Attacker Value
Unknown

CVE-2024-43492

Disclosure Date: September 10, 2024 (last updated February 26, 2025)
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Attacker Value
Unknown

CVE-2023-43078

Disclosure Date: August 28, 2024 (last updated February 26, 2025)
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.