
18 matches found

CNNVD
added 2026/05/19 12:0 a.m. | 5 views

Portrait Displays Dell Color Management Link Following Vulnerability

Portrait Displays Dell Color Management is a color management software developed by Portrait Displays Corporation in the United States. Versions of Portrait Displays Dell Color Management prior to version 3.7.0 contained a link following vulnerability. This vulnerability stemmed from the improper...

CVSS 5.3 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:48 a.m. | 8 views

CVE-2022-27049

Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed...

CVSS 2 | AI score 6.9 | EPSS 0.00065
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-34421

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00084
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 3:48 a.m. | 9 views

CVE-2023-32232

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out o...

CVSS 9.9 | AI score 7.7 | EPSS 0.00718
Exploits: 0 | References: 1

Cvelist
added 2025/02/04 10:17 p.m. | 10 views

CVE-2024-11468

Omnissa Horizon Client for macOS contains a local privilege escalation (LPE) vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS ...

CVSS 7.8 | EPSS 0.00084
Exploits: 0 | References: 2

Vulnrichment
added 2025/02/04 10:17 p.m. | 6 views

CVE-2024-11468

Omnissa Horizon Client for macOS contains a local privilege escalation (LPE) vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS ...

CVSS 7.8 | AI score 7.2 | EPSS 0.00084
Exploits: 0 | References: 2

Positive Technologies
added 2024/02/20 12:0 a.m. | 4 views

PT-2024-1961 · Ansible · Ansible Automation Platform

Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform (affected versions not specified). Description: A flaw in the Ansible automation platform was found, related to an insecure WebSocket connection used during installation from the Ansible rulebook EDA server. This issu...

CVSS 9.4 | AI score 6.8 | EPSS 0.00058
Exploits: 0 | References: 6

RedHat Linux
added 2024/01/30 1:30 p.m. | 1 view

rpm: races with chown/chmod/capabilities calls during installation

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

CVSS 6.7 | AI score 7.1 | EPSS 0.00149
Exploits: 1 | References: 5

Prion
added 2023/03/01 8:15 a.m. | 16 views

Design/Logic Flaw

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user...

CVSS 4.3 | AI score 7.9 | EPSS 0.00104
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2022/05/30 12:22 p.m. | 3 views

npm: npm ci succeeds when package-lock.json doesn't match package.json

A flaw was found in npm. The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation and makes it easier for attackers to install malware that was supposed to have been blocked...

CVSS 9.8 | AI score 7.3 | EPSS 0.01851
Exploits: 1 | References: 4

Prion
added 2021/09/27 2:15 p.m. | 17 views

Design/Logic Flaw

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS Standard and for IT Admin installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post-...

CVSS 7.2 | AI score 7.6 | EPSS 0.00038
Exploits: 0 | References: 1 | Affected Software: 3

CNVD
added 2018/10/10 12:0 a.m. | 2 views

Cisco HyperFlex Software Information Disclosure Vulnerability

Cisco HyperFlex Software is a scalable distributed file system from Cisco USA. The system provides unified compute, storage and networking through cloud management, providing enterprise-class data management and optimization services. An information disclosure vulnerability exists in the...

CVSS 5.5 | AI score 5.2 | EPSS 0.00061
Exploits: 0 | References: 1

RedHat Linux
added 2017/12/19 8:37 a.m. | 5 views

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

CVSS 7.5 | AI score 7.3 | EPSS 0.20215
Exploits: 2 | References: 5

Japan Vulnerability Notes
added 2015/09/30 6:5 a.m. | 1 view

MATCHA SNS vulnerable to code injection

Overview: MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVSS 6.8 | AI score 7.7 | EPSS 0.00602
Exploits: 0 | References: 5

RedHat Linux
added 2013/02/04 11:51 p.m. | 4 views

JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client...

CVSS 6.9 | AI score 5.7 | EPSS 0.00172
Exploits: 0 | References: 5

Prion
added 2012/12/20 12:2 p.m. | 17 views

Design/Logic Flaw

Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an outdated Xtra...

CVSS 9.3 | AI score 7.2 | EPSS 0.00965
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2009/08/27 8:30 p.m. | 15 views

Design/Logic Flaw

The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection o...

CVSS 5 | AI score 7.3 | EPSS 0.00984
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2003/04/23 12:0 a.m. | 43 views

SRT2003-04-22-1336 - SAP DB Development Tools install flaw

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...

AI score 0.1
Exploits: 0