Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-24046 |
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. Published: December 04, 2023; 6:15:23 PM -0500 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0:(not available) |
CVE-2023-21403 |
In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:23 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21402 |
In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:23 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21401 |
In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21263 |
In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21228 |
In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21227 |
In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-21218 |
In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21217 |
In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21216 |
In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21215 |
In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21166 |
In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21164 |
In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21163 |
In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-21162 |
In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Published: December 04, 2023; 6:15:22 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-6063 |
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Published: December 04, 2023; 5:15:08 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-5990 |
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks Published: December 04, 2023; 5:15:08 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-5979 |
The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products Published: December 04, 2023; 5:15:08 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-5953 |
The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server Published: December 04, 2023; 5:15:08 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-5952 |
The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog Published: December 04, 2023; 5:15:08 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |