Intel Computing Improvement Program PyInstaller Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2023-49797 Local Privilege Escalation in pyinstaller on Windows
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
ak-frame-extractor (>=1.0.0 <=1.1.0), apollo-sdk (>=0.2.4 <=0.2.11) +66 more potentially affected by CVE-2023-49797 via pyinstaller (>=3.0.0 <=5.13.0)
pyinstaller PYPI version =3.0.0, =1.0.0, =0.2.4, =0.1.0, =0.3.6, =0.1.0, =0.0.35, =0.0.13, =0.0.2, =0.8.2, =0.8.6 - faky =1.0.0 and more. Source CVEs: CVE-2023-49797. Source advisory: OSV:GHSA-9W2P-RH8C-V9G5...
Privilege Escalation
pyinstaller is vulnerable to privilege escalation. When the library is used for Windows software in 'onefile' mode by a privileged user with default "TempPath" as C:\Windows\Temp, the function wmkdir does not enforce restricted permissions in Windows. The vulnerability is exploitable only after t...
cork (>=0.1.0 <=0.2.0), dvc (>=0.8.2 <=0.8.6) +12 more potentially affected by CVE-2019-16784 via pyinstaller (>=3.0.0 <=3.5.0)
pyinstaller PYPI version =3.0.0, =0.1.0, =0.8.2, =1.0.0.dev0, =2019.6.5, =0.1.22, =0.9.94, =0.0.1, =0.4.0, =0.1.0, =1.0.1, =0.2.0, =0.7.1. Source CVEs: CVE-2019-16784. Source advisory: OSV:GHSA-7FCJ-PQ9J-WH2R...