CVE-2024-24828

CVE-2024-24828 describes a local privilege escalation in the Node.js tool pkg. The vulnerability arises because native-code packages built by pkg are written to a hardcoded, shared directory (/tmp/pkg/) on UNIX-like systems with non-unique, predictable names. An attacker with access to the same l...

CVE-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

PT-2024-20594 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: pkg affected versions not specified Description: The issue arises from the pkg tool writing native code packages to a hardcoded directory, specifically /tmp/pkg/ on Unix systems, which is a shared directory for all users on the same local...

The vulnerability of the Runc container launch tool is related to deficiencies in the system’s controlled area segmentation mechanism, allowing attackers to execute arbitrary code.

The vulnerability of the Runc container launch tool is related to deficiencies in the system’s controlled zone separation mechanisms. Exploiting this vulnerability allows an attacker to execute arbitrary code outside of the isolated programming environment by rewriting the executable files...

CVE-2023-5347

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01...

Information disclosure

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01...

CVE-2023-5347 Unauthenticated Firmware Upgrade

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01...

CVE-2023-5347

CVE-2023-5347 describes an improper verification of cryptographic signatures in the update process of Korenix JetNet Series. The vulnerability allows replacing the entire operating system, including trusted executables, on JetNet devices older than firmware version 2024/01. The impact is high (fu...

Korenix JetNet 2024/01 Security Vulnerability

Korenix JetNet is an industrial 5-port 10 / 100Base-TX Ethernet switch from Korenix. A security vulnerability exists in Korenix JetNet firmware versions prior to 2024/01, which stems from incorrect cryptographic signature validation during the update process, allowing the replacement of the entir...

NewStart CGSL MAIN 6.06 : mokutil Multiple Vulnerabilities (NS-SA-2023-0080)

The remote NewStart CGSL host, running version MAIN 6.06, has mokutil packages installed that are affected by multiple vulnerabilities: - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption o...

Dell SupportAssist for Home PCs Code Issue Vulnerability

Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. A security vulnerability exists in Dell SupportAssist for Home PCs version 3.14.1 and prior versions, which...

Fedora: Security Advisory for perl-PAR-Packer (FEDORA-2023-9ef8a60a05)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: perl-PAR-Packer-1.057-4.fc38

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs...

[SECURITY] Fedora 39 Update: perl-PAR-Packer-1.059-2.fc39

This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...

CVE-2023-4770

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution...

CVE-2023-4770

CVE-2023-4770 affects 4D and 4D server Windows executables, specifically version 19 R8 100218. The issue is an uncontrolled search path element causing DLL hijacking by replacing the x64 shfolder.dll in the installation path, leading to arbitrary code execution. Public details confirm the vulnera...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity...

Artica Pandora FMS Security Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS versions 700 through 773, which stems from an improperly restricted...

PT-2023-7872 · Unknown · Itpison Omicard Edm

Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM affected versions not specified Description: The file uploading function in ITPison OMICARD EDM does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this issue to uploa...