CVE-2024-2193
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution, related to Spectre V1, has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...
PT-2024-18171 · Faronics · Faronics Deep Freeze Server Standard
Name of the Vulnerable Software and Affected Versions: Faronics Deep Freeze Server Standard versions 8.30.020.4627 and earlier Description: A search path or unquoted item vulnerability affects the DFServ.exe file, allowing an attacker with local user privileges to replace the legitimate DFServ.ex...
CVE-2024-22752
CVE-2024-22752 concerns an insecure permissions issue in EaseUS MobiMover version 6.0.5 Build 21620. Multiple sources (NVD, Red Hat, CNNVD, CVE listing) describe that an attacker can escalate privileges by exploiting a crafted executable launched from the application installation directory. The r...
CVE-2024-22752
Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory...
Code injection
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects electron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...
CVE-2024-27303 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects electron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...
BIT-PYTHON-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. (The .pth file, e.g., the python.pth file, is not affected.)...
BIT-ABANTECART-2022-26521
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog > Media Manager > Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type)...
electron-builder security vulnerability
electron-builder is a tool for packaging and building ready-to-distribute Electron, Proton Native applications for macOS, Windows, and Linux with out-of-the-box "auto-update" support. A security vulnerability exists in electron-builder prior to version 24.13.2, which stems from the fact that if a...
Privilege Escalation
app-builder-lib is vulnerable to Privilege escalation. The vulnerability is due to NSExec searching the current directory of the installer before searching the system's PATH when making a system call to open cmd.exe in the .nsh installer script. This flaw allows an attacker to exploit the situati...
PT-2024-21807
Name of the Vulnerable Software and Affected Versions: electron-builder versions prior to 24.13.2 Description: A vulnerability in electron-builder for Windows allows an attacker to execute a malicious file named cmd.exe if it is placed in the same folder as the installer. The NSIS installer makes a...
CVE-2024-25552
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...
Path traversal
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...
CVE-2024-25552 Wiesemann & Theis: Multiple products prone to unquoted search path
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...
CVE-2024-25552
CVE-2024-25552 is a local privilege escalation described as unquoted search path traversal affecting Wiesemann & Theis products (e.g., Com Redirector Legacy and related components). The core issue is an unquoted search path that allows a local attacker to place an executable in the affected produ...
PT-2024-21000 · W&T +1 · Com Redirector Legacy +5
Name of the Vulnerable Software and Affected Versions: Product affected versions not specified Description: A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product. Recommendations: At the moment, there is no information about a newe...
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index PyPI repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...