The vulnerability of the UEFI loader’s shim, related to reading beyond the field, allows a hacker to trigger a system failure.

The vulnerability of the UEFI loader “shim” is related to errors in reading beyond the boundary, due to the lack of proper boundary checking during the loading of the binary PE file. Exploiting this vulnerability can allow an attacker to cause a system failure...

PT-2024-27520 · Unknown · Cym1102 Nginxwebui

Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions up to 3.9.9 Description: A critical issue has been found in the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated...

CVE-2020-8006

The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In...

[SECURITY] Fedora 38 Update: upx-4.2.3-1.fc38

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

CVE-2020-8006

The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In...

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within...

The vulnerability of the SmartScreen security component for preventing phishing and malicious programs in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the SmartScreen security component against phishing and malicious programs in Windows operating systems is related to a violation of data protection mechanisms. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code, provided that the...

[SECURITY] Fedora 39 Update: upx-4.2.3-1.fc39

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

DEBIAN-CVE-2024-0072

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service...

UBUNTU-CVE-2024-0076

NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service...

Macro Expert 安全漏洞

Macro Expert is a robotic process automation software from Macro Expert. A security vulnerability exists in Macro Expert 4.9.4 and prior versions that originates from allowing access to the GrassSoftMacro Expert folder, where an unprivileged user can upgrade MacroService to the SYSTEM .exe binary...

PT-2024-21455 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the x86/efistub in the Linux kernel, where the .compat section, a dummy PE section containing the address of the 32-bit entrypoint of the 64-bit kernel image, i...

@electron/packager's build process memory potentially leaked into final executable

Impact A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory could contain sensitive information such as environment variables, secrets files, etc. Patches This issue is patched in 18.3.1 Workarounds No...

CVE-2024-29900

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This...

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...

[SECURITY] Fedora 40 Update: pandoc-cli-3.1.3-29.fc40

Pandoc-cli provides a command-line executable that uses the pandoc library to convert between markup formats...

CVE-2024-0259

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is vulnerable to privilege escalation. A low-privileged user can overwrite the service executable; upon service restart, the replaced binary runs with SYSTEM privileges. Affected: Windows agents before 3.04. Mitigation: up...

SUSE-SU-2024:1046-1 Security update for PackageKit

This update for PackageKit fixes the following issues: - CVE-2024-0217: Check that Finished signal is emitted at most once bsc1218544. - Dropped unnecessary executable permission bsc1209138...

CVE-2024-28131

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...

CVE-2024-28131

Affected software: EasyRange Ver 1.41. What is vulnerable: The executable file search path when displaying an extracted file on Explorer may allow loading an executable file that resides in the same folder as the extracted file. Impact: If exploited, arbitrary code may be executed with the privil...