68 matches found
CVE-2024-23458
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
CVE-2024-23458
Summary (CVE-2024-23458): A missing reparse point check while copying individual autoupdater log files allows crafted attacks that could enable local privilege escalation on Zscaler Client Connector for Windows versions prior to 4.2.0.190 . Affected component is the autoupdater/log handling path;...
CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
PT-2024-19880 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.0.190 Description: The issue is related to a missing reparse point check while copying individual autoupdater log files. This could result in crafted attacks, potentially leading to a local...
November 14, 2023—KB5032196 (OS Build 17763.5122) - EXPIRED
November 14, 2023—KB5032196 OS Build 17763.5122 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...
SUSE CVE-2018-11728
The libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs iss...
The vulnerability of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus protection lies in their handling of symbolic links, which allows a malicious user to delete any file in the system.
The vulnerability of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus programs is related to errors in processing symbolic links. Exploiting this vulnerability can allow an attacker to delete any...
Dropbox: Local Privilege Escalation on Dropbox Desktop for Windows
This report describes a local privilege escalation in the Dropbox automatic updater process on Windows. It would allow a malicious actor who had already gained non-admin access to a Windows computer to obtain admin privileges, if Dropbox had previously been installed with admin privileges. This...
libfsntfs information disclosure vulnerability (CNVD-2018-16527)
libfsntfs is a library for accessing the New Technology File System NTFS. An information disclosure vulnerability exists in the libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c on 2018-04-20 and earlier. An attacker can exploit this vulnerability to obtain information...
Heap overflow
DISPUTED The libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in...
UBUNTU-CVE-2018-11728
DISPUTED The libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in...
DEBIAN-CVE-2018-11728
The libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs iss...
CVE-2018-11728
The libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs iss...
PT-2018-10786 · Libyal · Libfsntfs
Name of the Vulnerable Software and Affected Versions: libfsntfs versions through 2018-04-20 Description: The issue allows remote attackers to cause an information disclosure via a crafted ntfs file. This is due to a heap-based buffer over-read in the libfsntfs reparse point values read data...
Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior(CVE-2018-0823)
Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Summary: It’s possible to create NPFS symlinks as a low IL or...
Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege(CVE-2018-0822)
Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege Summary: It’s possible to use the new Global Reparse Point functionality introduced in Windo...
Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege Exploit
Exploit for windows platform in category local exploits Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege Summary: It’s possible to use the ne...
Microsoft Windows - NPFS Symlink Security Feature BypassElevation of PrivilegeDangerous Behavior
Microsoft Windows - NPFS Symlink Security Feature BypassElevation of PrivilegeDangerous Behavior Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevati...
Microsoft Windows - Global Reparse Point Security Feature BypassElevation of Privilege
Microsoft Windows - Global Reparse Point Security Feature BypassElevation of Privilege Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege...