8 matches found
CVE-2024-23458
While copying individual autoupdater log files, a reparse point check was missing, which could result in crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
CVE-2024-23458
While copying individual autoupdater log files, a reparse point check was missing, which could result in crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
CVE-2024-23458 Local Privilege Escalation on Zscaler Client Connector on Windows
While copying individual autoupdater log files, a reparse point check was missing, which could result in crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...
PT-2024-19880 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.0.190 Description: The issue is related to a missing reparse point check while copying individual autoupdater log files. This could result in crafted attacks, potentially leading to a local...
GHSA-77XC-HJV8-WW97 AutoUpdater module fails to validate certain nested components of the bundle
Impact: This vulnerability allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. Please note that this kind of attack would require...
AutoUpdater module fails to validate certain nested components of the bundle
Impact: This vulnerability allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. Please note that this kind of attack would require...
CVE-2022-29257 Electron's AutoUpdater module fails to validate certain nested components of the bundle
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafte...
CVE-2022-29257 Electron's AutoUpdater module fails to validate certain nested components of the bundle
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafte...