Show filters
998 Total Results
Displaying 71-80 of 998
Sort by:
Attacker Value
Unknown
CVE-2023-34045
Disclosure Date: October 20, 2023 (last updated October 28, 2023)
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during
installation for the first time (the user needs to drag or copy the
application to a folder from the '.dmg' volume) or when installing an
upgrade. A malicious actor with local non-administrative user privileges may
exploit this vulnerability to escalate privileges to root on the system
where Fusion is installed or being installed for the first time.
0
Attacker Value
Unknown
CVE-2023-34046
Disclosure Date: October 20, 2023 (last updated October 28, 2023)
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use)
vulnerability that occurs during installation for the first time (the
user needs to drag or copy the application to a folder from the '.dmg'
volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may
exploit this vulnerability to escalate privileges to root on the system
where Fusion is installed or being installed for the first time.
0
Attacker Value
Unknown
CVE-2023-34044
Disclosure Date: October 20, 2023 (last updated October 28, 2023)
VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds
read vulnerability that exists in the functionality for sharing host
Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual
machine may be able to read privileged information contained in
hypervisor memory from a virtual machine.
0
Attacker Value
Unknown
CVE-2023-38206
Disclosure Date: September 14, 2023 (last updated October 08, 2023)
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction.
0
Attacker Value
Unknown
CVE-2023-38204
Disclosure Date: September 14, 2023 (last updated October 08, 2023)
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
0
Attacker Value
Unknown
CVE-2021-40699
Disclosure Date: September 07, 2023 (last updated October 08, 2023)
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
0
Attacker Value
Unknown
CVE-2021-40698
Disclosure Date: September 07, 2023 (last updated November 08, 2023)
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
0
Attacker Value
Unknown
CVE-2023-4480
Disclosure Date: September 05, 2023 (last updated October 08, 2023)
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.
0
Attacker Value
Unknown
CVE-2023-2453
Disclosure Date: September 05, 2023 (last updated October 08, 2023)
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.
0
Attacker Value
Unknown
CVE-2023-4534
Disclosure Date: August 25, 2023 (last updated October 08, 2023)
A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
0