Vaxry

2 exploits Active since Apr 2024

CVE-2024-33904 WRITEUP HIGH WRITEUP

Hyprland <= 0.39.1 - Arbitrary Code Execution via Race Condition in HookSystem Plugin

In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file.

CVSS 7.0

View Code

CVE-2024-42029 WRITEUP MEDIUM WRITEUP

xdg-desktop-portal-hyprland <1.3.3 - Command Injection

xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment.

CVSS 6.3

View Code