8 matches found
EUVD-2024-32987
Malicious code in bioql PyPI...
EUVD-2023-2640
Malicious code in bioql PyPI...
CVE-2024-10228
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23...
CVE-2024-10228 Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23...
CVE-2024-10228
The CVE-2024-10228 entry concerns the Vagrant VMWare Utility Windows installer, where the installer places files into a custom, non-protected path that can be modified by an unprivileged user, enabling unauthorized file-system writes. This root cause is described across multiple sources and versi...
CVE-2024-45593
CVE-2024-45593 affects the Nix package manager. A bug in Nix 2.24 prior to 2.24.6 lets a substituter or malicious user craft a NAR that, when unpacked by Nix, writes to arbitrary filesystem locations accessible to the Nix process, with root privileges when using the Nix daemon. Multiple connected...
CVE-2023-5834 Vagrant’s Windows Installer Allowed Directory Junction Write
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...
CVE-2023-5834 Vagrant’s Windows Installer Allowed Directory Junction Write
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...