14 matches found
CVE-2025-61037
A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
EUVD-2025-206011
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-61037
A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...
CVE-2025-61037
A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...
SevenCs ORCA G2 安全漏洞
SevenCs ORCA G2 is an electronic charting system from SevenCs Germany. A security vulnerability exists in SevenCs ORCA G2 version 2.0.1.35, which stems from a competing condition in the license management logic that could lead to elevated privileges...
PT-2025-54358
Name of the Vulnerable Software and Affected Versions SevenCs ORCA G2 version 2.0.1.35 EC2007 Kernel v5.22 Description A local privilege escalation issue exists due to a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, running with SYSTEM...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-61037
SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22) is affected by a local TOCTOU race in the license management logic. The regService process (SYSTEM) creates a fixed directory and writes files without verifying NTFS reparse points; an attacker can race to replace the directory with a junction to a u...
SevenCs ORCA G2 安全漏洞
SevenCs ORCA G2 is an electronic charting system from SevenCs, Germany. A security vulnerability exists in SevenCs ORCA G2 version 2.0.1.35, which originates from the regService process applying a security descriptor without an explicitly configured DACL, and could result in system interruption,...
CVE-2025-61037
A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...
CVE-2025-64699
CVE-2025-64699 affects SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, running with SYSTEM privileges, applies a Security Descriptor to a device object that has no explicitly configured DACL. This can allow an attacker to perform unauthorized raw disk operations, potential...