925 matches found

Fedora
added 2024/03/07 10:33 p.m. · 19 views

[SECURITY] Fedora 40 Update: will-crash-0.13.5-6.fc40

The main purpose of this project is to provide sample executables for testing crash/exception handling tools like ABRT...

8.8 CVSS · 6.8 AI score · 0.02557 EPSS
Exploits: 3

OSV
added 2024/03/06 11:8 a.m. · 26 views

BIT-GOLANG-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.1 CVSS · 7.8 AI score · 0.89436 EPSS
Exploits: 14 · References: 5

OSV
added 2024/03/06 11:7 a.m. · 26 views

BIT-POSTGRESQL-2020-10733

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add fil...

7.3 CVSS · 7.3 AI score · 0.0053 EPSS
Exploits: 0 · References: 4

Spring Security Advisories
added 2024/03/06 12:0 a.m. · 28 views

Function Calling in Java and Spring AI using the latest Mistral AI API

UPDATE: As of March 13, 2024, Mistral AI has integrated support for parallel function calling into their large model, a feature that was absent at the time of this blog's initial publication. Mistral AI, a leading developer of open-source large language models, unveiled the addition of Function...

7.5 AI score
Exploits: 0

OpenVAS
added 2024/03/04 12:0 a.m. · 16 views

Checkmk < 2.2.0p24 Privilege Escalation Vulnerability

Checkmk is prone to a privilege escalation vulnerability.

5.5 AI score
Exploits: 0 · References: 1

Packet Storm
added 2024/02/27 12:0 a.m. · 253 views

perl2exe 30.10C Arbitrary Code Execution

Exploit Title: Executables Created with perl2exe safe.pl user@testing:/example$ ./perl2exe-Linux-x64-5.30.1/perl2exe safe.pl Perl2Exe V30.10C 2020-12-11 Copyright c 1997-2020 IndigoSTAR Software ... Generating safe user@testing:/example$ user@testing:/example$ Check that the program executes as...

7.4 AI score
Exploits: 0

OSV
added 2024/02/21 11:15 a.m. · 5 views

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

8.4 CVSS · 5.9 AI score · 0.00214 EPSS
Exploits: 0 · References: 1

Prion
added 2024/02/21 11:15 a.m. · 23 views

Design/Logic Flaw

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

7.2 AI score · 0.00214 EPSS
Exploits: 0 · References: 1

CVE
added 2024/02/21 10:55 a.m. · 4723 views

CVE-2023-7235

CVE-2023-7235 concerns the OpenVPN GUI installer prior to version 2.6.9, where the installation directory of OpenVPN binaries did not have proper access control when using a non-standard path. This weakness could allow an attacker to replace binaries and execute arbitrary code. The initial CVE en...

8.4 CVSS · 6.8 AI score · 0.00214 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/02/21 10:55 a.m. · 16 views

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

6.8 AI score · 0.00214 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/02/21 10:55 a.m. · 19 views

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

6.8 AI score · 0.00214 EPSS
Exploits: 0 · References: 1

GitHub Security Blog
added 2024/02/21 12:4 a.m. · 12 views

Externally Controlled Format String in Scripting Functions

The rquickjs crate used by SurrealDB implements Rust bindings to the QuickJS C library and is used to execute SurrealDB scripting functions. The rquickjs function Exception::throw_type takes a string and returns an error object. Prior to version 0.4.2 of the crate, this string would be fed directl...

8 AI score
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/02/15 1:35 p.m. · 13 views

SUSE-SU-2024:0486-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Do not strip if SUSE Linux Enterprise 15 SP3 - Exclude debug for Red Hat Enterprise Linux = 8 - Build with Go = 1.20 when the OS is not Red Hat Enterprise Linux golang-github-prometheus-alertmanager: - Create...

9.8 CVSS · 6.5 AI score · 0.88849 EPSS
Exploits: 50 · References: 19

RedhatCVE
added 2024/02/14 9:30 p.m. · 96 views

CVE-2024-24828

An incorrect default permissions vulnerability was found in pkg. This issue allows an attacker who has access to the /tmp/pkg/ on the local system to replace the genuine executables in the shared directory with malicious executables of the same name...

7.3 CVSS · 7 AI score · 0.00231 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-12771 · Unknown · Raidenftpd

Name of the Vulnerable Software and Affected Versions: RaidenFTPD version 2.4 build 4005 Description: The issue allows a local attacker to gain privileges and execute arbitrary code via a crafted executable running from the installation directory. This is due to an Insecure Permissions problem in...

7.3 CVSS · 8.1 AI score · 0.00257 EPSS
Exploits: 1 · References: 5

NVD
added 2024/02/09 11:15 p.m. · 32 views

CVE-2024-24828

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

7.8 CVSS · 6.7 AI score · 0.00231 EPSS
Exploits: 0 · References: 2

Prion
added 2024/02/09 11:15 p.m. · 26 views

Hardcoded credentials

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

4.3 CVSS · 7.2 AI score · 0.00231 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/02/09 10:21 p.m. · 44 views

CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

6.6 CVSS · 7.7 AI score · 0.00231 EPSS
Exploits: 0 · References: 2

OSV
added 2024/02/09 10:21 p.m. · 31 views

CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

6.6 CVSS · 7.5 AI score · 0.00231 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/02/09 10:21 p.m. · 23 views

CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

6.6 CVSS · 6.6 AI score · 0.00231 EPSS
Exploits: 0 · References: 2