
188 matches found

CNNVD
added 2021/10/14 12:00 a.m., 1 view

Trend Micro Apex One Code Issue Vulnerability

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. Trend Micro Apex One suffers from a code issue vulnerability that stems from the application allowing the inclusion of libraries from the...

CVSS 7.8 | AI score 6.1 | EPSS 0.00124
Exploits: 0 | References: 5
CNVD
added 2021/06/29 12:00 a.m., 5 views

Adobe After Effects Uncontrolled Search Path Element Vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects 18.1 and earlier...

CVSS 9.3 | AI score 6.8 | EPSS 0.0077
Exploits: 0 | References: 1
GitHub Security Blog
added 2021/06/23 5:28 p.m., 67 views

Hugo can execute a binary from the current directory on Windows

Impact: Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. However, if a malicious file with the same name (exe or bat) is found in the current working directory at the time of running hugo, the...

CVSS 8.5 | AI score 8.3 | EPSS 0.0041
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2021/06/23 5:28 p.m., 20 views

GHSA-8J34-9876-PVFQ Hugo can execute a binary from the current directory on Windows

Impact: Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. However, if a malicious file with the same name (exe or bat) is found in the current working directory at the time of running hugo, the...

CVSS 7.7 | AI score 8.4 | EPSS 0.0041
Exploits: 1 | References: 3
CNNVD
added 2021/04/20 12:00 a.m., 1 view

Lex Li vscode-restructuredtext Access Control Error Vulnerability

Lex Li vscode-restructuredtext is a Lex Li open source application. This extension provides rich reStructuredText language support for Visual Studio Code. An access control error vulnerability exists in versions prior to Lex Li vscode-restructuredtext 146.0.0, which stems from the inclusion of an...

CVSS 9.8 | AI score 5.9 | EPSS 0.00531
Exploits: 0 | References: 4
CVE
added 2021/03/31 4:58 p.m., 38 views

CVE-2021-29658

The CVE-2021-29658 entry concerns the vscode-rufo extension for Visual Studio Code, specifically versions before 0.0.4. The vulnerability allows an attacker to execute arbitrary binaries/code when a user opens a crafted workspace folder. Concrete details across connected documents consistently de...

CVSS 8.8 | AI score 8.8 | EPSS 0.00484
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2021/03/26 10:15 p.m., 30 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

CVSS 7.2 | AI score 6.6
Exploits: 0 | References: 2
NVD
added 2021/03/26 10:15 p.m., 12 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

CVSS 7.2 | EPSS 0.00121
Exploits: 0 | References: 2
Prion
added 2021/03/26 10:15 p.m., 15 views

Design/Logic Flaw

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

CVSS 6.5 | AI score 6.8 | EPSS 0.00121
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2021/03/25 12:00 a.m., 6 views

Cisco IOS XE Fast Reload Vulnerability (CNVD-2021-50584)

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. Cisco IOS XE suffers from a fast reload vulnerability that can be exploited by an attacker to execute arbitrary code on the underlying operating system, install and boot a malware...

CVSS 7.2 | AI score 7.6 | EPSS 0.00025
Exploits: 0 | References: 1
NVD
added 2021/03/22 7:15 a.m., 8 views

CVE-2021-28956

The unofficial vscode-sass-lint aka Sass Lint extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 8.8 | EPSS 0.00512
Exploits: 0 | References: 4
CNNVD
added 2021/03/22 12:00 a.m., 0 views

Microsoft Visual Studio Code Security Vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A security vulnerability in Microsoft Visual Studio Code vscode-sass-lint 1.0.7 allows an attacker to execute arbitrary binaries when a user opens a crafted workspace...

CVSS 8.8 | AI score 8.4 | EPSS 0.00512
Exploits: 0 | References: 6
CNNVD
added 2021/03/21 12:00 a.m., 1 view

Joseph Benden C/C++ Advanced Lint Code Issue Vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A code injection vulnerability in Microsoft Visual Studio Code unofficial C/C++ Advanced Lint extension prior to version 1.9.0 can be exploited by an attacker to execute arbitrary binaries when a user opens a carefully...

CVSS 7.8 | AI score 6.2 | EPSS 0.00246
Exploits: 0 | References: 4
Veracode
added 2021/02/08 6:36 a.m., 20 views

Arbitrary Path Injection

github.com/containernetworking/cni is vulnerable to arbitrary path injection. A user is able to change the type: field in a CNI configuration to an arbitrary path and could execute arbitrary binaries on a host...

CVSS 7.2 | AI score 2.8 | EPSS 0.00121
Exploits: 0 | References: 2 | Affected Software: 4
RedhatCVE
added 2021/02/05 6:22 a.m., 29 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the type field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an...

CVSS 7.2 | AI score 4 | EPSS 0.00121
Exploits: 0 | References: 3
0day.today
added 2020/11/26 12:00 a.m., 30 views

Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution Exploit

Exploit Title: Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution Exploit Author: Loke Hui Yi Vendor Homepage: https://razerid.razer.com Software Link: http://rzr.to/synapse-3-pc-download Version: , and create an exe file with the same application's name in that folder. The Ap...

CVSS 8.1 | AI score 8.2 | EPSS 0.07085
Exploits: 4
NVD
added 2020/11/02 9:15 p.m., 6 views

CVE-2020-28045

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...

CVSS 7.8 | AI score 7.6 | EPSS 0.00029
Exploits: 1 | References: 1
Oracle Linux
added 2020/10/06 12:00 a.m., 32 views

okular security update

4.10.5-9 - Document::processAction: If the url points to a binary, don't run it Resolves: bz1821451...

CVSS 6.8 | AI score 1.4 | EPSS 0.02641
Exploits: 0
Kitploit
added 2020/07/28 10:00 p.m., 61 views

SNOWCRASH - A Polyglot Payload Generator

A polyglot payload generator. Introduction: SNOWCRASH creates a script that can be launched on both Linux and Windows machines. The payload selected by the user (in this case combined Bash and PowerShell code) is embedded into a single polyglot template, which is platform-agnostic. There are few payloads...

AI score 7.5
Exploits: 0 | References: 1
OSV
added 2020/06/30 12:15 p.m., 1 view

ALPINE-CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users, e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

CVSS 7.8 | AI score 7.4 | EPSS 0.00109
Exploits: 1 | References: 1