ROS-20240402-17

A vulnerability in the net/http package of the Go programming language is related to information disclosure. vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...

BIT-GOLANG-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

BIT-ARGO-CD-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting XSS the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

GHSA-R4PF-3V7R-HH55 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

Impact Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh installer script. NSExec by default searches the current directory of where the installer is located before searching PATH. This means that if an attacker can place a malicious executable file named...

Checkmk < 2.1.0p40, 2.2.x < 2.2.0p23 Privilege Escalation Vulnerability

Checkmk is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if...

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...

Exploit for CVE-2022-25765

CVE-2022-25765 Exploit A small POC exploit for CVE-2022-25765,...

OESA-2024-1075 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

The vulnerability of the cmd-go programming language component, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the cmd-go component in the Go programming language is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

CVE-2022-39818

In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system...

PT-2023-13730 · Nokia · Nokia Nfm-T

Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An OS Command Injection issue occurs in the /cgi-bin/R19.9/log.pl endpoint of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands with root privileges...

UBUNTU-CVE-2023-51713

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

PT-2023-31066 · Pdf24 · Pdf24 Creator

Name of the Vulnerable Software and Affected Versions: PDF24 Creator version 11.14.0 Description: An issue was discovered in the configuration of the msi installer file of PDF24 Creator, which produces a visible cmd.exe window when using the repair function of msiexec.exe. This allows an...

CVE-2023-45285

A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available. Mitigation This issue only affects users who are not using the module proxy and are fetching modules directly i.e...

CVE-2023-33088

Memory corruption when processing cmd parameters while parsing vdev...

Memory corruption

Memory corruption when processing cmd parameters while parsing vdev...

CVE-2023-33088 NULL pointer dereference in WLAN Firmware

Memory corruption when processing cmd parameters while parsing vdev...

CVE-2023-33088

CVE-2023-33088 relates to memory corruption when processing cmd parameters during vdev parsing in Qualcomm chipsets. The connected CVE record also references a NULL pointer dereference in WLAN Firmware as a related detail. Public data here does not provide explicit affected models, versions, or a...