15 matches found
EUVD-2024-32987
Malicious code in bioql PyPI...
EUVD-2023-2640
Malicious code in bioql PyPI...
CVE-2024-10228
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23...
CVE-2024-10228
The CVE-2024-10228 entry concerns the Vagrant VMWare Utility Windows installer, where the installer places files into a custom, non-protected path that can be modified by an unprivileged user, enabling unauthorized file-system writes. This root cause is described across multiple sources and versi...
CVE-2024-10228 Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23...
Adobe After Effects buffer error vulnerability
Adobe After Effects is a suite of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D compositing, animation and visual effects production. A buffer error vulnerability exists in Adobe After Effects, which stems...
CVE-2024-45593
CVE-2024-45593 affects the Nix package manager. A bug in Nix 2.24 prior to 2.24.6 lets a substituter or malicious user craft a NAR that, when unpacked by Nix, writes to arbitrary filesystem locations accessible to the Nix process, with root privileges when using the Nix daemon. Multiple connected...
GHSA-47XW-VW6M-W9FQ HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...
CVE-2023-5834
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...
CVE-2023-5834 Vagrant’s Windows Installer Allowed Directory Junction Write
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...
Adobe ColdFusion path traversal vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion is vulnerable to a path traversal vulnerability that could be exploited to cause arbitrary file system writes...
Adobe InCopy Memory Out-of-Bounds Access Vulnerability (CNVD-2021-87304)
Adobe InCopy is a professional word processing program from Adobe that is integrated with Adobe InDesign. Adobe InCopy 16.3.1, 16.3 and earlier versions are vulnerable to a memory out-of-bounds access vulnerability. An attacker could exploit the vulnerability to achieve arbitrary file system writ...
CVE-2020-1337
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs...
CVE-2018-6547
playsservice.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extractfiles...
Microsoft Windows Printing Backend Handler Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft. The Print Spooler service is one of the print service components. An elevation of privilege vulnerability exists in the Microsoft Windows Print Spooler Server, which arises from the program failing to properly allow arbitrary...