PT-2024-29541 · Unknown · Skysea Client View

Name of the Vulnerable Software and Affected Versions: SKYSEA Client View versions 3.013.00 through 19.210.04e Description: A path traversal issue exists, allowing an arbitrary executable file to be executed by a user who can log in to the PC where the product's Windows client is installed...

CVE-2024-5402

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 58...

CVE-2024-39904

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

PT-2024-5036 · Nvidia +1 · Nvidia Cuda Toolkit +1

Name of the Vulnerable Software and Affected Versions: NVIDIA CUDA Toolkit affected versions not specified Description: The issue is related to an out-of-bounds read problem in the nvdisasm utility of the NVIDIA CUDA Toolkit. This can be exploited by deceiving a user into reading a malformed ELF...

CVE-2024-3863

The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

CVE-2024-3863

The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

CVE-2024-3863

The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

Security Vulnerabilities fixed in Firefox 125 — Mozilla

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Memory corruption in the networking stack could have led to a potentially exploitable crash. A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage...

UBUNTU-CVE-2024-0076

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service...

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

CVE-2024-28131

Affected software: EasyRange Ver 1.41. What is vulnerable: The executable file search path when displaying an extracted file on Explorer may allow loading an executable file that resides in the same folder as the extracted file. Impact: If exploited, arbitrary code may be executed with the privil...

Distrobox 安全漏洞

Distrobox is an application by Luca Di Maio Personal Developer. Containers can be created using podman, docker or liipod. A security vulnerability exists in Distrobox versions prior to 1.7.0.1 that could allow an attacker to execute arbitrary code via command injection into an exported executable...

Code injection

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

CVE-2024-27303 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

BIT-ABANTECART-2022-26521

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the CatalogMedia ManagerImages settings can be changed by an administrator e.g., by configuring .php to be a valid image file type...

CVE-2024-25552

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

CVE-2024-25552

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

Path traversal

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

CVE-2024-25552

CVE-2024-25552 is a local privilege escalation described as unquoted search path traversal affecting Wiesemann & Theis products (e.g., Com Redirector Legacy and related components). The core issue is an unquoted search path that allows a local attacker to place an executable in the affected produ...