482 matches found
CVE-2025-46715
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...
CVE-2019-13208
WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0...
CVE-2002-1946
Videsh Sanchar Nigam Limited VSNL Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme one-to-one mapping in a registry key, which allows local users to obtain and decrypt the password...
Windows App Installer (Windows SMB Login)
SMB login-based detection of Windows App Installer SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Edge Update Setup (Chromium-based) Detection (Windows SMB Login)
This script detects the installed version of Microsoft Edge Update Setup Chromium-based for Windows. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2025-23403
A vulnerability has been identified in SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions. The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to...
CVE-2025-23403
A vulnerability has been identified in SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions. The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to...
PT-2025-6202 · Siemens · Simatic Ipc Diagmonitor +1
Name of the Vulnerable Software and Affected Versions: SIMATIC IPC DiagBase All versions SIMATIC IPC DiagMonitor All versions Description: A vulnerability has been identified where the affected devices do not properly restrict user permissions for the registry key. This could allow an authenticat...
PT-2025-6472 · Kaspersky · Kaspersky Security Cloud +11
Name of the Vulnerable Software and Affected Versions: Kaspersky Virus Removal Tool for Windows affected versions not specified Kaspersky Endpoint Security for Windows affected versions not specified Kaspersky Security for Virtualization Light Agent affected versions not specified Kaspersky...
PT-2025-1212 · Microsoft · Windows Bitlocker +1
Name of the Vulnerable Software and Affected Versions: Windows BitLocker affected versions not specified Description: A critical issue in Windows BitLocker exposes the encryption mechanism to a novel randomization attack targeting the AES-XTS mode. This allows attackers to bypass BitLocker...
CVE-2024-8785
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...
The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit abbreviated as HKCR, HKLM, HKCU, HKU and HKCC, and each of them contains a nested tree structure that serv...
CVE-2024-20503
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...
CVE-2024-20503
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...
CVE-2024-20503
CVE-2024-20503 affects Cisco Duo Epic for Hyperdrive. The root cause is improper storage of an unencrypted registry key, allowing a low-privileged, authenticated, local attacker to view sensitive information in cleartext on the affected system. Connected advisories confirm this is a local-informa...
CVE-2024-20503 Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...
CVE-2024-20503 Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...
Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability ...
PT-2024-6530 · Cisco · Cisco Duo Epic For Hyperdrive
Name of the Vulnerable Software and Affected Versions: Cisco Duo Epic for Hyperdrive affected versions not specified Description: The issue is related to insufficient protection of service data, which could allow an authenticated, local attacker to view sensitive information in cleartext on an...
Qualys Announces TruRisk Eliminate to Augment Patching
About 5 years ago, we launched Qualys Patch Management to empower our customers to not just detect and prioritize vulnerabilities but also effectively remediate them. Since then, we have assisted our customers in addressing hundreds of millions of vulnerabilities, significantly enhancing the...