1911 matches found

Cvelist
added 2024/02/09 10:21 p.m. | 13 views

CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVSS 6.6 | AI score 7.7 | EPSS 0.00123
Exploits: 0 | References: 2
Vulnrichment
added 2024/02/09 10:21 p.m. | 22 views

CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVSS 6.6 | AI score 6.6 | EPSS 0.00123
Exploits: 0 | References: 2
CNNVD
added 2024/01/15 12:00 a.m. | 4 views

PAX Technology A920 Injection Vulnerability

PAX Technology A920 is an Android mobile payment terminal from PAX Technology. The PAX Technology A920 suffers from a security vulnerability that originates from a version checking error, which can be exploited by an attacker to steer the loader to downgrade to a vulnerable version, leading to...

CVSS 7.6 | AI score 7.4 | EPSS 0.0032
Exploits: 1 | References: 5
CVE
added 2023/10/19 10:08 p.m. | 73 views

CVE-2023-41898

CVE-2023-41898 affects the Home Assistant Companion for Android (up to version 2023.8.2). The vulnerability is arbitrary URL loading in a WebView, enabling arbitrary JavaScript execution, limited native code execution, and credential theft. It has been patched in version 2023.9.2; all users shoul...

CVSS 8.6 | AI score 8 | EPSS 0.00097
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2023/10/19 10:08 p.m. | 8 views

CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...

CVSS 8.6 | AI score 7.5 | EPSS 0.00097
Exploits: 0 | References: 3
CNNVD
added 2023/10/19 12:00 a.m. | 1 views

Home Assistant Code Injection Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.9.2 that stems from an arbitrary URL loading issue in WebView. An attacker can exploit the...

CVSS 8.6 | AI score 7 | EPSS 0.00097
Exploits: 0 | References: 2
The Hacker News
added 2023/04/11 9:16 a.m. | 24 views

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...

AI score 7.1
Exploits: 0
SUSE CVE
added 2023/02/15 3:39 a.m. | 1 views

SUSE CVE-2021-37404

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher...

CVSS 9.8 | AI score 10 | EPSS 0.01257
Exploits: 0 | References: 3
CNNVD
added 2022/07/28 12:00 a.m. | 1 views

JetBrains IntelliJ IDEA Code Injection Vulnerability

Jetbrains JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company Jetbrains. A security vulnerability exists in JetBrains IntelliJ IDEA 2022.2 and earlier versions, which stems from the possibility that an attacker could execute native...

CVSS 7.8 | AI score 7.5 | EPSS 0.00004
Exploits: 0 | References: 2
Github Security Blog
added 2022/06/14 12:00 a.m. | 88 views

Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher...

CVSS 9.8 | AI score 9.6 | EPSS 0.01257
Exploits: 0 | References: 4 | Affected Software: 1
CISA KEV Catalog
added 2022/05/25 12:00 a.m. | 16 views

Adobe Reader and Acrobat Sandbox Bypass Vulnerability

Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context...

CVSS 10 | AI score 9.2 | EPSS 0.28439
In wild | Exploits: 0
CNVD
added 2022/05/06 12:00 a.m. | 23 views

JetBrains IntelliJ IDEA Code Injection Vulnerability (CNVD-2022-55674)

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic. A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited to execute native code via a custom Pandoc path...

CVSS 6.9 | AI score 6.2 | EPSS 0.00002
Exploits: 0 | References: 1
CNVD
added 2022/05/05 12:00 a.m. | 20 views

JetBrains IntelliJ IDEA Code Injection Vulnerability (CNVD-2022-55680)

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic. A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited by attackers to execute native code via workspace...

CVSS 6.9 | AI score 6.8 | EPSS 0.00002
Exploits: 0 | References: 1
CNVD
added 2022/05/05 12:00 a.m. | 38 views

JetBrains Rider Code Injection Vulnerability

JetBrains Rider is a cross-platform integrated development environment (IDE) from Czech company Jetbrains. Versions prior to JetBrains Rider 2022.1 contain a code injection vulnerability that could be exploited by attackers to execute native code via a link in the ReSharper quick documentation...

CVSS 7.7 | AI score 6.7 | EPSS 0.00001
Exploits: 0 | References: 1
CNVD
added 2022/05/05 12:00 a.m. | 25 views

JetBrains IntelliJ IDEA Code Injection Vulnerability

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains, a Czech company. A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which stems from the execution of native code via a link in Quick...

CVSS 7.7 | AI score 4.9 | EPSS 0.00002
Exploits: 0 | References: 1
CNNVD
added 2022/04/28 12:00 a.m. | 1 views

Jetbrains Rider Code Injection Vulnerability

JetBrains Rider is a cross-platform integrated development environment (IDE) from Czech company Jetbrains. Versions prior to JetBrains Rider 2022.1 contain a code injection vulnerability that could be exploited by attackers to execute native code via a link in the ReSharper quick documentation...

CVSS 7.7 | AI score 5.9 | EPSS 0.00001
Exploits: 0 | References: 2
CNNVD
added 2022/04/28 12:00 a.m. | 1 views

Jetbrains JetBrains IntelliJ IDEA Code Injection Vulnerability

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains, a Czech company. A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which stems from the execution of native code via a link in Quick...

CVSS 7.7 | AI score 6 | EPSS 0.00002
Exploits: 0 | References: 2
CNNVD
added 2022/04/28 12:00 a.m. | 1 views

Jetbrains JetBrains IntelliJ IDEA Code Injection Vulnerability

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic. A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited by attackers to execute native code via workspace...

CVSS 6.9 | AI score 5.9 | EPSS 0.00002
Exploits: 0 | References: 2
CNNVD
added 2022/04/28 12:00 a.m. | 2 views

JetBrains IntelliJ IDEA Code Injection Vulnerability

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic. A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited to execute native code via a custom Pandoc path...

CVSS 6.9 | AI score 5.9 | EPSS 0.00002
Exploits: 0 | References: 2
CNNVD
added 2022/04/28 12:00 a.m. | 2 views

Jetbrains IntelliJ IDEA Code Injection Vulnerability

JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic. JetBrains IntelliJ IDEA versions prior to 2022.1 contain a code injection vulnerability that could be exploited to execute native code via HTML descriptions in custom JSON...

CVSS 7.7 | AI score 5.9 | EPSS 0.00002
Exploits: 0 | References: 2