Lucene search
862 matches found

Cvelist
added 2020/09/03 2:40 p.m., 18 views

CVE-2019-10679

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions...

7.5 AI score, 0.00148 EPSS
Exploits: 3, References: 5

Prion
added 2020/08/31 5:15 p.m., 10 views

Path traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

7.5 CVSS, 9.3 AI score, 0.00733 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2020/08/31 4:15 a.m., 7 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS, 6.6 AI score
Exploits: 0, References: 1

NVD
added 2020/08/31 4:15 a.m., 10 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS, 7.6 AI score, 0.00119 EPSS
Exploits: 1, References: 1

CVE
added 2020/08/31 3:43 a.m., 63 views

CVE-2020-25031

The CVE-2020-25031 issue affects checkinstall 1.6.2. When used to create a package that contains a symlink, it may trigger the creation of a mode 0777 executable file. No other technical details (affected platforms, exact root cause beyond this behavior, exploitation status, or available patches)...

7.8 CVSS, 7.5 AI score, 0.00119 EPSS
Exploits: 1, References: 1, Affected Software: 1

Debian CVE
added 2020/08/31 3:43 a.m., 20 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS, 7.5 AI score, 0.00119 EPSS
Exploits: 1

OpenVAS
added 2020/08/31 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2020-1846)

The remote host is missing an update for the Huawei EulerOS...

8.2 CVSS, 8.4 AI score, 0.00064 EPSS
Exploits: 0, References: 2

Hacker One
added 2020/08/30 2:33 p.m., 12 views

Acronis: Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 installer

Vulnerability description not provided...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2020/08/28 12:0 a.m., 27 views

EulerOS 2.0 SP8 : flatpak (EulerOS-SA-2020-1846)

According to the version of the flatpak packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-si...

8.2 CVSS, 7.5 AI score, 0.00064 EPSS
Exploits: 0, References: 2

Kitploit
added 2020/08/18 12:30 p.m., 20 views

Sinter - A User-Mode Application Authorization System For MacOS Written In Swift

Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter...

6.8 AI score
Exploits: 0, References: 7

Prion
added 2020/08/03 4:15 p.m., 19 views

Design/Logic Flaw

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section...

4.3 CVSS, 5.5 AI score, 0.00343 EPSS
Exploits: 1, References: 3, Affected Software: 2

CNVD
added 2020/07/07 12:0 a.m., 1 views

Command Execution Vulnerability in Media Mate

Media Mate is a media center similar to Plex. Media Mate has a command execution vulnerability that can be exploited by an attacker to execute a malicious exe file...

7.4 AI score
Exploits: 0

CVE
added 2020/06/08 3:58 p.m., 120 views

CVE-2020-13866

WinGate v9.4.1.5998 is affected by an Insecure Permissions Elevation of Privilege vulnerability: the installation directory grants full control to authenticated users, enabling local attackers to replace an executable with a Trojan horse and escalate privileges (often to SYSTEM) after a restart. ...

7.8 CVSS, 7.6 AI score, 0.00256 EPSS
Exploits: 3, References: 3, Affected Software: 1

CNVD
added 2020/06/05 12:0 a.m., 2 views

Foxit PhantomPDF code issue vulnerability (CNVD-2020-32467)

Foxit PhantomPDF is a PDF document reader from the Chinese company Foxit. A security vulnerability exists in Foxit PhantomPDF versions prior to 8.3.6. The vulnerability can be exploited by an attacker to execute arbitrary applications with the help of an embedded executable file...

9.8 CVSS, 7.2 AI score, 0.0005 EPSS
Exploits: 0, References: 1

Prion
added 2020/06/04 5:15 p.m., 19 views

Design/Logic Flaw

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029...

7.5 CVSS, 9.4 AI score, 0.0005 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2020/05/21 4:25 p.m., 46 views

CVE-2020-12828

CVE-2020-12828 affects the AnchorFree VPN SDK prior to 1.3.3.218. The vulnerable component is the VPN SDK service, which binds a socket on localhost and uses a provided path to an executable file, leading to execution of that malicious file with SYSTEM privileges. The connected Red Hat and CNVD en...

10 CVSS, 9.3 AI score, 0.14757 EPSS
Exploits: 1, References: 1, Affected Software: 1

Veracode
added 2020/05/10 11:24 p.m., 25 views

Command Injection

radare2 is vulnerable to command injection. A command injection vulnerability exists in the function bin_symbols in libr/core/cbin.c. An attacker is able to execute arbitrary shell commands using a malicious executable file due to improper handling of symbol names embedded in executables...

7.8 CVSS, 3.5 AI score, 0.04668 EPSS
Exploits: 2, References: 9, Affected Software: 1

Veracode
added 2020/04/20 4:24 a.m., 5 views

Malicious Package

atlas-client is a malicious package. The package typosquats on the original package atlasclient and executes malicious code in a portable executable hidden in a .png file...

1.8 AI score
Exploits: 0

CNVD
added 2020/04/07 12:0 a.m., 1 views

TestLink File Upload Vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A file upload vulnerability exists in the keywordImport.php file in TestLink version 1.9.20. A remote attacker can exploit this vulnerability by uploading a file with an...

8.8 CVSS, 7.6 AI score, 0.16006 EPSS
Exploits: 3, References: 1

ATTACKERKB
added 2020/02/13 12:0 a.m., 14 views

CVE-2019-3719

Dell support agent fails to properly identify the origin of updates. By DNS spoofing and crafted payloads, an attacker can serve up an executable file that the support agent will run as system. Recent assessments: bwatters-r7 at July 18, 2019 9:47pm UTC reported: As exploits go, being able to ser...

8 CVSS, 1.3 AI score, 0.22445 EPSS
Exploits: 0, References: 4