304 matches found
Microsoft MPEG-2 Video Extension 安全漏洞
Microsoft MPEG-2 Video Extension is a Microsoft Corporation USA playback of MPEG video in popular video applications on Windows 10 devices. A security vulnerability exists in Microsoft MPEG-2 Video Extension. An attacker could exploit the vulnerability to remotely execute code. The following...
CVE-2018-1000209
Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place a...
CVE-2019-2799
Vulnerability in the Oracle ODBC Driver component of Oracle Database ServerPRIVILEGE CANNOT BE NONE FOR AUTHENTICATED ATTACKS. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows low privileged attacker having None privilege wit...
CVE-2003-1126
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service...
CVE-2024-3220 Default mimetype known files writeable on Windows
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...
CVE-2024-0622
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation...
Microsoft Message Queuing 安全漏洞
Microsoft Message Queuing is used to implement solutions for asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to obtain sensitive information. The following products and...
BIT-NODE-MIN-2021-22921
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PAT...
BIT-NODE-MIN-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
CVE-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables e.g., svn.exe, etc. may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
CVE-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables e.g., svn.exe, etc. may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
CVE-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables e.g., svn.exe, etc. may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
CVE-2024-45720
CVE-2024-45720 affects Subversion on Windows: a flawed “best fit” character encoding conversion of command-line arguments to svn.exe can cause misinterpretation of arguments, enabling argument injection and execution of other programs. Affected: all Subversion versions up to 1.14.3 on Windows; fi...
SUSE CVE-2024-45720
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables e.g., svn.exe, etc. may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
PT-2024-31739
Name of the Vulnerable Software and Affected Versions: Apache Subversion versions up to and including 1.14.3 Description: On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables may lead to unexpected command line argument...
GHSA-XM4R-5RJ9-2PG3 gratient 0.5 contains credential harvesting code
gratient is a user-facing library for generating color gradients of text. Version 0.5 contained obfuscated, malicious code targeting Windows platforms, harvesting information and credentials from the user's system and sending them to a remote server. Services may include Mullvad VPN and Telegram...
PT-2024-24457 · Python +1 · Cpython +1
Name of the Vulnerable Software and Affected Versions: CPython versions 3.5 through latest Description: The issue arises from the "socket" module's pure-Python fallback for the socket.socketpair function on platforms that don't support AF UNIX, such as Windows. This implementation uses AF INET or...
Microsoft Streaming Service Resource Management Error Vulnerability
Microsoft Streaming Service is a video platform from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Streaming Service. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected:Windows 10 Version...
CVE-2024-0622
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation...
CVE-2024-0622
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation...