Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-36281: Template injection to arbitrary code execution · Issue #4394 · langchain-ai/langchain

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter.

CVE
Open in Source
#windows#js
CVE-2022-48570: Release Crypto++ 8.4 release · weidai11/cryptopp

Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.

CVE-2020-21427: FreeImage / Bugs / #298 heap-buffer-overflow in function LoadPixelDataRLE8 of PluginBMP.cpp

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

GHSA-j55r-787p-m549: Shescape on Windows escaping may be bypassed in threaded context

### Impact This may impact users that use Shescape on Windows in a threaded context (e.g. using [Worker threads](https://nodejs.org/api/worker_threads.html)). The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This snippet demonstrates a vulnerable use of Shescape: ```javascript // vulnerable.js import { exec } from "node:child_process"; import { Worker, isMainThread } from 'node:worker_threads'; import * as shescape from "shescape"; if (isMainThread) { // 1. Something like a worker thread must be used. The reason being that they // unexpectedly change environment variable names on Windows. new Worker("./vulnerable.js"); } else { // 2. Example configuration that's problematic. In this setup example the // expected default system shell is CMD. We configure the use of PowerShell. // Shescape will fail to look up PowerShell and default t...

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

TSPlus 16.0.2.14 Insecure Permissions

TSPlus version 16.0.2.14 suffers from an insecure permissions vulnerability.

TSPlus 16.0.0.0 Insecure Permissions

TSPlus version 16.0.0.0 suffers from an insecure permissions vulnerability.

TSPlus 16.0.0.0 Insecure Credential Storage

TSPlus version 16.0.0.0 suffers from an insecure credential storage vulnerability.

Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation

Inosoft VisiWin 7 version 2022-2.1 suffers from a privilege escalation vulnerability.

Dolibarr 17.0.1 Cross Site Scripting

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.