257 matches found
CVE-2025-51387
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
CVE-2024-25249
An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...
Moderate: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: containers/image: digest type does not guarantee valid type CVE-2024-3727 golang: net: malformed DNS message can cause infinite...
FreeBSD : FreeBSD -- ktrace(2) fails to detach when executing a setuid binary (8fb61d94-771b-11ef-9a62-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8fb61d94-771b-11ef-9a62-002590c1f29c advisory. A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not...
eClass LMS 6.2.0 Shell Upload
==================================================================================================================================== | Title : eClass LMS v6.2.0 shell upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...
PT-2024-40828 · Git +1 · Gpac
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow crash. Technical details include a crash type of Stack-buffer-overflow WRITE 4. The crash state involves...
TAIF LMS 5.8.0 Shell Upload
==================================================================================================================================== | Title : TAIF LMS v5.8.0 shell upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor ...
Important: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 For more details about the securit...
Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions
This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The process and objective is simple we can get a clear perspective view on the packages installed by APT currently working on implementing this for RPM and other package managers. This is...
Kap security breach
Kap is an open source screen recorder from Wulkano Open Source. Kap 3.6.0 version of the previous security vulnerability , the vulnerability stems from the RunAsNode and enableNodeClilnspectArguments settings can execute arbitrary code...
Hyper Security Vulnerability
hyper is a fast, correct HTTP implementation of Rust in the hyperium open source. A security vulnerability exists in Hyper prior to version 3.4.1, which stems from arbitrary code execution via the RunAsNode and enableNodeClilnspectArguments settings...
PT-2024-20050 · Loom · Loom
Name of the Vulnerable Software and Affected Versions: Loom on macOS version 0.196.1 and before Description: An issue in Loom allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. The vendor disputes this issue because it requires local...
PT-2023-31164 · Asana · Asana Desktop
Name of the Vulnerable Software and Affected Versions: Asana Desktop version 2.1.0 Description: The issue allows code injection due to specific Electron Fuses, with inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments. This can be...
CVE-2023-38817
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echodriver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
Code injection
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echodriver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
CVE-2023-38817
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echodriver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
PT-2023-26610 · Inspect Element · Echo.Ac
Name of the Vulnerable Software and Affected Versions: Inspect Element Ltd Echo.ac version 5.2.1.0 Description: An issue in Inspect Element Ltd Echo.ac allows a local attacker to gain privileges via a crafted command to the echo driver.sys component. This issue has been reportedly used by various...
Inspect Element Echo.ac Security Vulnerability
Inspect Element Echo.ac is an application from Inspect Element, Inc. A security vulnerability exists in Inspect Element Echo.ac prior to version v.5.2.1.0, which stems from a vulnerability that allows a local attacker to gain privileges via the echodriver.sys component using a crafted command...
CVE-2023-38817
CVE-2023-38817 concerns Inspect Element Ltd Echo.ac v5.2.1.0. Red Hat and other sources confirm a local privilege escalation via a crafted command to the echo_driver.sys component, enabling a user to gain privileges (NT AUTHORITY\SYSTEM). The issue’s root cause is a problematic interaction with e...
CVE-2023-38817
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echodriver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...