Filtered by vendor Homebrew
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37273 | 2 Homebrew, Jan | 2 Jan, Jan | 2025-02-13 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-36858 | 1 Homebrew | 1 Jan | 2025-02-13 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-36857 | 2 Homebrew, Janhq | 2 Jan, Jan | 2025-02-13 | 7.5 High |
| Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. | ||||
| CVE-2024-42381 | 1 Homebrew | 1 Brew | 2024-08-01 | 8.3 High |
| os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.) | ||||
Page 1 of 1.