79 matches found
PT-2024-5009 · Openvpn +1 · Openvpn +1
Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.9 and earlier Description: The issue is related to the unrestricted loading of plug-in files in OpenVPN on Windows. This allows an attacker to load an arbitrary plug-in, which can interact with the privileged OpenVPN...
Microsoft Windows Error Reporting Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Furthermore, exploitation is possible only in...
K21595932: Samba vulnerability CVE-2018-1057
Security Advisory Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service...
Improper access control
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster to deploy a kiali operand to use this vulnerability and deploy a given image to anywhere in the cluster, potential...
CVE-2020-10143
Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate...
CVE-2020-10139
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system...
Design/Logic Flaw
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can...
CVE-2020-15264
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looki...
Code injection
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looki...
CVE-2020-14306
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged...
CVE-2020-15593
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...
Code injection
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...
CVE-2020-14978
An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine...
Default credentials
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices e.g., by using default credentials can change the LDAP connection IP...
Profile API CreateEnvBlock Local Information Disclosure
The exported function CreateEnvBlock from profapi.dll which is used by the CreateEnvironmentBlock API function has an information disclosure vulnerability when building the environment block for a user which can be locally exploited to disclose heap memory of a process calling the API. For exampl...
CVE-2019-18215
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the...
Design/Logic Flaw
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder files / folders and configuration are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to...
CVE-2018-1057
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts eg Domain Controllers...
Google Android - Binder Generic ASLR Leak
Google Android - Binder Generic ASLR Leak Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=889 The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDERTYPEBINDER or BINDERTYPEWEAKBINDER, a pointer to that object...