The vulnerability of the NTFS file system of the Windows operating system, which allows a perpetrator to increase their privileges

The vulnerability of the NTFS file system in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

Microsoft Windows NTFS Elevation of Privilege Vulnerability (CNVD-2019-40566)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows NTFS sandbox...

CVE-2018-8411

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016,...

spring-framework: Directory traversal vulnerability with static resources on Windows filesystems

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

UBUNTU-CVE-2018-12929

ntfsreadlockedinode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service kernel oops or panic via a crafted ntfs filesystem...

PT-2018-11490

Name of the Vulnerable Software and Affected Versions Linux kernel version 4.15.0 Description The issue is related to the ntfs attr find function in the ntfs.ko filesystem driver, which allows attackers to trigger a stack-based out-of-bounds write. This can cause a denial of service, resulting in...

UBUNTU-CVE-2018-11728

DISPUTED The libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in...

DEBIAN-CVE-2018-11729

The libfsntfsmftentryreadheader function in libfsntfsmftentry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub...

Microsoft Windows NTFS Elevation of Privilege Vulnerability (CNVD-2018-13290)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation.Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2008 SP2 is a set of server operating systems.NTFS is one of the file systems. An elevation of privilege...

USN-3671-1 git vulnerabilities

Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. CVE-2018-11235 It was discovered that an integer overflow existed ...

ALPINE-CVE-2018-11233

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory...

DEBIAN-CVE-2018-11233

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory...

UBUNTU-CVE-2018-11233

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory...

Directory traversal

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...

CVE-2018-0822

NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability"...

MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys): April 9, 2013

MS13-036: Description of the security update for the Windows file system kernel-mode driver ntfs.sys: April 9, 2013 INTRODUCTION Microsoft has released security bulletin MS13-036. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

winfsp - Windows File System Proxy

WinFsp is a set of software components for Windows computers that allows the creation of user mode file systems. In this sense it is similar to FUSE Filesystem in Userspace, which provides the same functionality on UNIX-like computers. Some of the benefits and features of using WinFsp are listed...

iCAM Workstation Control 4.8.0.0 - Authentication Bypass Vulnerability

Exploit for windows platform in category local exploits 1. From the login screen most keys are blocked accept alphanumeric keys. However if you press the Alt & Tab hotkey then you can access the desktop of the user currently running the iCAM client. 2. Although a blank desktop, you can then press...

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2012:147)

Security issues were identified and fixed in mozilla thunderbird : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...

DEBIAN-CVE-2007-4199

Brian Carrier The Sleuth Kit TSK before 2.09 allows user-assisted remote attackers to cause a denial of service application crash and prevent examination of certain NTFS files via a malformed NTFS image that triggers 1 dereference of a certain integer value by ntfsdent.c in fls, or 2 dereference ...