SUSE CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

SUSE CVE-2022-25255

In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH...

CVE-2022-48199

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The...

CVE-2022-48199

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The...

Design/Logic Flaw

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The...

CVE-2022-48199

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The...

CVE-2022-48199

SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The...

CVE-2022-48199

SoftPerfect NetWorx 7.1.1 (Windows) is affected by a vulnerability where the Notifications function can be modified by any user to execute an arbitrary binary, potentially with higher privileges, and the resulting binary runs in the context of every user running NetWorx. The root cause is the abi...

SUSE SLES15 Security Update : cni (SUSE-SU-2022:4150-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4150-1 advisory. - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load...

AlmaLinux 9 : qt5 (ALSA-2022:8022)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:8022 advisory. - In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not foun...

buildah: possible information disclosure and modification

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...

Moderate: Red Hat Security Advisory: qt5 security and bug fix update

An update for qt5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

qt5 security and bug fix update

An update is available for qt5. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Qt5 libraries packages provide Qt 5, version 5 of the Qt cross-platform...

SUSE SLES15 Security Update : buildah (SUSE-SU-2022:3655-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3655-1 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building ...

Information Disclosure

github.com/cri-o/cri-o is vulnerable to information disclosure.The vulnerability exists in setupContainerUser function in containercreate.go due to incorrect handling of the supplementary groups which allows an attacker to gain permissions and execute a binary code via container...

Code injection

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

CVE-2022-30580 Empty Cmd.Path can trigger unintended binary in os/exec on Windows

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

CVE-2022-30580

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

CVE-2022-30580 Empty Cmd.Path can trigger unintended binary in os/exec on Windows

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

CVE-2022-30580

Technical details for CVE-2022-30580 are not publicly provided in the supplied documents. No affected products, impact, or fixes are specified here. Please consult primary sources or follow-up disclosures for confirmed technical details and remediation guidance.