EUVD-2023-41377

Malicious code in bioql PyPI...

CVE-2023-37490

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the...

CVE-2022-48285

A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...

Embarcadero Technologies Dev-CPP 安全漏洞

Embarcadero Technologies Dev-CPP is a free, all-in-one development environment for C/C++ development from Embarcadero Technologies, USA. A security vulnerability exists in Embarcadero Technologies Dev-CPP version v4.9.9.2, which stems from insecure permissions in the installation directory and...

PT-2021-19553 · Ysoft · Ysoft Safeq 6

Name of the Vulnerable Software and Affected Versions: YSoft SafeQ 6 version 6.0.55 Description: The issue concerns incorrect privileges in the MU55 FlexiSpooler service, allowing a local user to escalate privileges by overwriting the executable file via an alternative data stream. Recommendation...

CVE-2019-12808

ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges...