19 matches found
Mozilla Firefox < 51.0.3
The version of Firefox installed on the remote Windows host is prior to 51.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-04 advisory. - The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this...
CVE-2025-56383
Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...
[SECURITY] Fedora 42 Update: linenoise-1.0-12.20200312git97d2850.fc42
Linenoise is a replacement for the readline line-editing library with the goal of being smaller...
defusedxml
This is a Python library called defusedxml, which is designed to prevent XML bomb denial-of-service (DoS) vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, which is a built-in Python module for parsing and creating XML documents. The library is maintained by...
PT-2024-19401 · Unknown · Creditcoin
Name of the Vulnerable Software and Affected Versions: Creditcoin (affected versions not specified). Description: The issue concerns the Windows binary of the Creditcoin node, which loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files...
SUSE CVE-2017-5397
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...
A vulnerability in the installation component of the AVEVA Edge InstallShield SCADA system allows an attacker to execute arbitrary code or escalate their privileges.
The vulnerability of the AVEVA Edge InstallShield SCADA system’s installation component is related to the possibility of replacing the dynamic library. Exploiting this vulnerability could allow an intruder to execute arbitrary code or enhance their privileges...
A vulnerability in the iscsicpl.exe executable file of the Windows operating system allows an attacker to execute arbitrary code.
The vulnerability of the iscsicpl.exe executable file in Windows operating systems is related to the possibility of replacing the DLL file. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
A vulnerability in the McAfee Smart Installer, an antivirus software tool developed by McAfee, allows an attacker to execute arbitrary code or escalate their privileges on Windows operating systems.
The vulnerability of the McAfee Smart Installer, an antivirus software tool developed by McAfee, exists on Windows operating systems. It involves the possibility of replacing the dynamic library. Exploiting this vulnerability allows an attacker to execute arbitrary code or increase their privilege...
Jenkins Security Vulnerability
Jenkins is an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins has an access control error vulnerability in versions 2.318 and earlier and LTS 2.303 and earlier, which stems from the use of the FilePath AP...
The vulnerability of the module for creating and saving structured information about company departments in the “LOCMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCMAN:PLM, arises from the possibility of unlimited loading of dangerous files. This vulnerability allows attackers to execute arbitrary code.
The vulnerability of the module responsible for creating and saving structured information about company departments in the “LOCZMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCZMAN:PLM, relates to the unlimited loading of...
The vulnerability of the central module for managing engineering data and the product’s life cycle in the “LOCMAN Client” system, a system for managing engineering data and the product’s life cycle, arises from the possibility of unlimited loading of dangerous type files, allowing attackers to execute arbitrary code.
The vulnerability of the central module responsible for managing engineering data and the product’s lifecycle in the LOCsMAN Engineering Data and Product Lifecycle Management system is related to the possibility of unlimited loading of dangerous files. Exploiting this vulnerability could allow...
A vulnerability in the “LOCMAN WorkFlow Designer” module of the engineering data management and product lifecycle management system LOCMAN:PLM, which is used for creating, editing, and saving diagrams of typical and business processes, determining process properties, and creating lists of associated objects, is related to the unlimited loading of dangerous type files, allowing attackers to execute arbitrary code.
The vulnerability of the module responsible for creating, editing, and saving diagrams of typical and working business processes, as well as defining properties of these processes, and creating lists of associated objects in the “LOZMAN Workflow Designer” system for managing engineering data and...
The vulnerability of the module configuration tools “LOCMAN WorkFlow” and “LOCMAN WorkFlow Configurator” of the engineering data and product lifecycle management system LOCMAN lies in the ability to load files of a dangerous type without limitation, allowing attackers to execute arbitrary code.
The vulnerability of the “LOZMAN WorkFlow” and “LOZMAN WorkFlow Configurator” module settings in the engineering data management system and the product lifecycle management system LOZMAN is related to the ability to load files of a dangerous type without limitation. Exploiting this vulnerability...
The vulnerability of the scheduled data synchronization module “LOCMAN Scheduler for Synchronization” of the Engineering Data and Product Lifecycle Management system LOCMAN lies in its ability to load files of a dangerous type without limitation, allowing a perpetrator to execute arbitrary code.
The vulnerability of the scheduled data synchronization module “LOZMAN Planner” of the engineering data and product lifecycle management system LOZMAN is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing D...
The vulnerability of the update display module of the engineering data management system and the product lifecycle management system LOCMAN, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.
The vulnerability of the update display module of the engineering data management and product lifecycle management system LOCsMAN:PLM is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing the dll library e.g...
openSUSE Security Update : gcc10 / nvptx-tools (openSUSE-2020-1692)
This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can...
OPENSUSE-SU-2020:1693-1 Security update for gcc10, nvptx-tools
This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can...
CVE-2018-16715
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable EXE or dynamical...