Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8855

Malware in sbrugna...

9.8CVSS7.1AI score0.02314EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2025/05/22 9:56 p.m.10 views

CVE-2022-24138

IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...

7.8CVSS7.5AI score0.00523EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/11/25 3:26 p.m.22 views

Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

6.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/11/25 3:26 p.m.3 views

GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

8.7CVSS6.9AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/07/06 1:15 p.m.6 views

CVE-2022-24138

IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...

7.8CVSS7.5AI score0.00523EPSS
Exploits0References4
CVE
CVE
added 2022/07/06 12:41 p.m.67 views

CVE-2022-24138

CVE-2022-24138 affects IOBit Advanced System Care (Asc.exe) 15 and Action Download Center. The root cause is that components are downloaded into the ProgramData folder, which has broad (rwx) permissions for unprivileged users, allowing a low-privilege user to exploit SetOpLock to wait for CreateP...

7.8CVSS7.7AI score0.00523EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.4 views

IOBit Advanced System Care (Asc.exe) 15、Action Download Center 安全漏洞

IOBit Advanced System Care Free and IOBit Action Download Center are both products of the British company IOBit.IOBit Advanced System Care Free is a system management utility. The program is mainly used for scanning, repairing and optimizing the system, etc.IOBit Action Download Center is a...

7.8CVSS7.5AI score0.00523EPSS
Exploits0References4
Rows per page
Query Builder