180 matches found
CVE-2024-24890
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2025-0518
CVE-2025-0518 affects FFmpeg 7.1 and is due to an unchecked return value causing an out-of-bounds read in libavfilter/af_pan.C. The issue is addressed by the FFmpeg commit b5b6391d64807578ab872dc58fb8aa621dcfc38a, which provides the fix. Discovery credited to Simcha Kosman. Public references in c...
Cross Platform Webkit File Dropper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cross Platform Webkit File Dropper', 'Description' = %q This module exploits a XSLT vulnerability in Webkit to drop ASCII or UTF-8 files to the...
CVE-2024-7490
The CVE-2024-7490 issue is a stack-based overflow in Microchip Advanced Software Framework’s tinydhcpserver implementation (lwip_dhcp_find_option) caused by improper input validation. Affects ASF through version 3.52.0.2574; no fixes in the ASF stack are provided, and Microchip states the framewo...
SUSE CVE-2024-40644
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...
CVE-2024-40644 gitoxide's gix-path can use a fake program files location
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...
CVE-2024-40644
The CVE-2024-40644 issue affects gitoxide’s gix-path on Windows. Affected code path allows a limited user to place a malicious git.exe in hard-coded fallback locations (C:/Program Files/Git/mingw64/bin or C:/Program Files (x86)/Git/mingw32/bin). gix-path’s env logic may directly execute that git....
CVE-2024-40644
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...
gix-path can use a fake program files location
Summary When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details Windows permits limited user accounts without administrative privileges to create new directories ...
CVE-2024-24898
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects...
CVE-2024-24891
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects...
CVE-2024-27674
Macro Expert through 4.9.4 allows BUILTIN\Users:OICIM access to the "%PROGRAMFILESX86%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary...
CVE-2024-24890
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2024-24897 Remote command execution in A-Tune-Collector
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2024-21803
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...
CVE-2024-21803
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...
CVE-2020-12612
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files x86 folder and therefore uses the %ProgramFilesx86% environment variable. However, when this same policy gets pushed to a...
CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
Eaton easyE4 PLC Encryption Issue Vulnerability
The Eaton easyE4 PLC is a PLC from Eaton Corporation USA. A security vulnerability exists in the Eaton easyE4 PLC that stems from a weakly encoded algorithm used to store device passwords in program files...
PT-2023-28977 · Eaton · Eaton Easye4 Plc
Name of the Vulnerable Software and Affected Versions: Eaton easyE4 PLC affected versions not specified Description: The Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. However, it was observed that the device...