11 matches found
EUVD-2015-5192
Malware in sbrugna...
SUSE CVE-2024-40644
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...
gix-path can use a fake program files location
Summary When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details Windows permits limited user accounts without administrative privileges to create new directories ...
PT-2024-28962 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: gitoxide versions 0.10.8 Description: The issue arises from gix-path being tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts to create new...
openSUSE Security Update : qemu (openSUSE-2021-600)
This update for qemu fixes the following issues : - CVE-2020-12829: Fix OOB access in sm501 device emulation bsc1172385 - CVE-2020-25723: Fix use-after-free in usb xhci packet handling bsc1178934 - CVE-2020-25084: Fix use-after-free in usb ehci packet handling bsc1176673 - CVE-2020-25625: Fix...
SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1241-1)
This update for qemu fixes the following issues : Fix OOB access in sm501 device emulation CVE-2020-12829, bsc1172385 Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation CVE-2020-13362, bsc1172383 Fix use-after-free in usb xhci packet handling CVE-2020-25723, bsc1178934 Fix use-after-fre...
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1243-1)
This update for qemu fixes the following issues : CVE-2020-12829: Fix OOB access in sm501 device emulation bsc1172385 CVE-2020-25723: Fix use-after-free in usb xhci packet handling bsc1178934 CVE-2020-25084: Fix use-after-free in usb ehci packet handling bsc1176673 CVE-2020-25625: Fix infinite lo...
Palo Alto Networks Secdo Input Validation Error Vulnerability (CNVD-2020-26235)
Palo Alto Networks Secdo is a security incident response solution from Palo Alto Networks, USA. Palo Alto Networks Secdo suffers from an input validation error vulnerability that stems from Secdo executing scripts on hard-coded paths. An attacker can exploit this vulnerability to gain system...
CVE-2015-5191
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H...
formhandler.cgi.txt
From: Mnemonix Subject: FormHandler.cgi FormHandler.cgi available from http://www.cgi-perl.com/programs/FormHandler uses hard coded physical paths for templates etc so it's possible to get sensitive files like /etc/passwd by modifying a site's form and submitting it. Cheers, David Litchfield...