How severe is CVE-2024-42381?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-42381?

This is classified as CWE-830, which is a common weakness in software security.

CVE-2024-42381

HIGH Year: 2024

CVSS v3 Score

8.3

High

Weakness Type

CWE-830

View all →

Vulnerability Description

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)

CVE-2024-29944

HIGH

CVSS:8.4(High)

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, i...

CWE-8302024

CVE-2023-2588

HIGH

CVSS:8.8(High)

Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can...

CWE-8302023

CVE-2025-33026

HIGH

CVSS:7.8(High)

In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. U...

CWE-8302025

CVE-2025-33027

HIGH

CVSS:7.8(High)

In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of...

CWE-8302025