NZBGet Security Vulnerabilities

NZBGet is an efficient usenet downloader from NZBGet. A security vulnerability exists in NZBGet version 21.1, which stems from the fact that the unarchiving programs 7za and unrar retain executable file permissions, and can be exploited by an attacker to execute a file by setting the value of...

binutils: NULL pointer dereference in _bfd_elf_get_symbol_version_string leads to segfault

An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599...

WEM Security Executable Rules are not working as expected

AppLocker policies configured through Citrix Workspace Environment Management WEM under Security - Executable Rules are not working as expected...

CVE-2023-6179 Incorrect Permission assignment to program executable folders

Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folders. An attacker could potentially exploit this vulnerability, leading to a standard user to have arbitrary system code execution. Honeywell recommends updating to the most...

CVE-2023-47058

Adobe Premiere Pro version 24.0 and earlier and 23.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the contex...

CVE-2023-47263

Certain WithSecure products allow a Denial of Service DoS in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure...

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service DDoS botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, buil...

CVE-2023-6006

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerabilit...

CVE-2023-6006 Privilege Escalation Vulnerability

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerabilit...

The vulnerability of the `scan_unit_for_symbols` function in the `dwarf2.c` component of the GNU Binutils development environment allows a hacker to trigger a service failure.

The vulnerability of the scanunitforsymbols function in the dwarf2.c component of the GNU Binutils development environment is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker who operates remotely to trigger a service failure using a specially created ELF fil...

The vulnerability of the nm.c and objdump.c components of the GNU Binutils development environment allows a hacker to gain access to confidential data, compromise their integrity, and cause service failures.

The vulnerability of the nm.c and objdump.c components of the GNU Binutils development environment is related to reading data from beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

The vulnerability of the `read_formatted_entries` function in the `dwarf2.c` component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the readformattedentries function in the dwarf2.c component of the GNU Binutils development environment is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to cause a service failure through the use of a specially created ELF file...

The vulnerability of the decode_line_info function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the decodelineinfo function in the dwarf2.c component of the GNU Binutils development environment is related to reading data beyond the allowable buffer limits. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created ELF...

The vulnerability of the read_section function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the readsection function in the dwarf2.c component of the GNU Binutils development environment relates to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created ELF file...

The vulnerability of the `find_abstract_instance_name` function in the `dwarf2.c` component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the findabstractinstancename function in the dwarf2.c component of the GNU Binutils development environment is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker who operates remotely to trigger a service...

The vulnerability of the `apply_relocations` function in the `binutils/readelf.c` component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the applyrelocations function in the binutils/readelf.c component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure through the use of a specially create...

The vulnerability of the decode_line_info function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the decodelineinfo function in the dwarf2.c component of the GNU Binutils development environment is related to reading data beyond the allowable buffer limits. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created ELF...

The vulnerability of the `dump_relocs_in_section` function in the `objdump.c` component of the GNU Binutils development environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the dumprelocsinsection function in the objdump.c component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability in the `loaddebugsection` function of the `readelf.c` component of the GNU Binutils development environment allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the loaddebugsection function in the readelf.c component of the GNU Binutils development environment is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its...

The vulnerability of the decode_line_info function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the decodelineinfo function in the dwarf2.c component of the GNU Binutils development environment is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to trigger a service failure using a specially created...