CVE-2025-55582

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script mydlink-watch-dog.sh, which blindly respawns binaries such as dcp and signalc without verifying integrity, authenticity, or permissions. An attacker with local filesystem access via physical access, firmware...

CVE-2025-55581

D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...

CVE-2025-55581

CVE-2025-55581 affects the D-Link DCS-825L firmware (1.08.01 and possibly earlier). The vulnerability lies in the mydlink-watch-dog.sh watchdog script, which restarts the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (for e...

CVE-2023-28804

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105...

CVE-2020-17381

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary...

CVE-2025-0834

Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by...

CVE-2024-27674

Macro Expert through 4.9.4 allows BUILTIN\Users:OICIM access to the "%PROGRAMFILESX86%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary...

Untrusted Search Path

PanelSwWix4.Sdk is vulnerable to Untrusted Search Path. The vulnerability is due to Burn's practice of copying binaries to the unprotected C:\Windows\Temp directory and running them from that unprotected location. This directory is not adequately protected against low privilege user modifications...

PT-2024-15241 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: OpenVPN versions prior to 2.6.9 Description: The OpenVPN GUI installer did not set proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path. This allows an attacker to...

OpenVPN Security Vulnerabilities

OpenVPN is a software package from US-based OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

CVE-2023-32479

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by...

Important: Red Hat Security Advisory: OpenJDK 11.0.22 security update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

CVE-2023-28804

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105...

Design/Logic Flaw

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105...

Zscaler Client Connector Data Forgery Issue Vulnerability

Zscaler Client Connector is an application from zscaler. An application that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...

CVE-2023-27593 cilium-agent container can access the host via `hostPath` mount

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

CVE-2022-23334

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE...

InstallBuilder安全特征问题漏洞

Vmware InstallBuilder is a multi-platform installer development and automatic update tool from Vmware, Inc. A security vulnerability exists in InstallBuilder that stems from the fact that under certain circumstances on the InstallBuilder Windows version, the uninstaller binary copies itself to a...

Eclipse Che 安全漏洞

Eclipse Che is an open source Java-based online integrated development environment IDE from the Eclipse Foundation. A security vulnerability exists in Eclipse Che, which stems from a security issue in the language stack build of Eclipse Che version 6. An attacker who successfully exploited the...

Guild Wars 2 安全漏洞

Guild Wars 2 Guild Wars 2 is a role-playing computer client game. A security vulnerability exists in Guild Wars 2 launcher version 106916, which stems from improper privilege control. An authenticated attacker can use this vulnerability to modify an existing executable file with a binary of his...