UBUNTU-CVE-2024-0076

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service...

Macro Expert 安全漏洞

Macro Expert is a robotic process automation software from Macro Expert. A security vulnerability exists in Macro Expert 4.9.4 and prior versions that originates from allowing access to the GrassSoftMacro Expert folder, where an unprivileged user can upgrade MacroService to the SYSTEM .exe binary...

PT-2024-21455 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the x86/efistub in the Linux kernel, where the .compat section, a dummy PE section containing the address of the 32-bit entrypoint of the 64-bit kernel image, i...

@electron/packager's build process memory potentially leaked into final executable

Impact A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory could contain sensitive information such as environment variables, secrets files, etc. Patches This issue is patched in 18.3.1 Workarounds No...

CVE-2024-29900

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This...

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...

[SECURITY] Fedora 40 Update: pandoc-cli-3.1.3-29.fc40

Pandoc-cli provides a command-line executable that uses the pandoc library to convert between markup formats...

CVE-2024-0259

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is vulnerable to privilege escalation. A low-privileged user can overwrite the service executable; upon service restart, the replaced binary runs with SYSTEM privileges. Affected: Windows agents before 3.04. Mitigation: up...

SUSE-SU-2024:1046-1 Security update for PackageKit

This update for PackageKit fixes the following issues: - CVE-2024-0217: Check that Finished signal is emitted at most once bsc1218544. - Dropped unnecessary executable permission bsc1209138...

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

CVE-2024-28131

Affected software: EasyRange Ver 1.41. What is vulnerable: The executable file search path when displaying an extracted file on Explorer may allow loading an executable file that resides in the same folder as the extracted file. Impact: If exploited, arbitrary code may be executed with the privil...

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

"EasyRange" may insecurely load executable files

Overview "EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file...

PT-2024-22281 · Easyrange · Easyrange

Name of the Vulnerable Software and Affected Versions: EasyRange Ver 1.41 Description: The issue with the executable file search path when displaying an extracted file on Explorer may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this...

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A security...

JVN#13113728: "EasyRange" may insecurely load executable files

"EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides ...

Distrobox 安全漏洞

Distrobox is an application by Luca Di Maio Personal Developer. Containers can be created using podman, docker or liipod. A security vulnerability exists in Distrobox versions prior to 1.7.0.1 that could allow an attacker to execute arbitrary code via command injection into an exported executable...

SUSE CVE-2024-27303

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

CVE-2023-39933

Insufficient verification vulnerability exists in Broadcast Mail CGI pmc.exe included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution...

CVE-2024-2193

A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...