182 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-22039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypa...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed an overflow issue in the bounds check of the dacloffset field. The dacloffset field was originally defined as an int type and was used in an unchecked addition. This could lead to an overflow condition, bypassing the...
CVE-2019-19741
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
CVE-2019-13142
The RzSurroundVADStreamingService RzSurroundVADStreamingService.exe in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder,...
DEBIAN-CVE-2025-22039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smbcheckpermdacl and...
UBUNTU-CVE-2025-22039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smbcheckpermdacl and...
SUSE CVE-2022-49366
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smbcheckpermdacl The issue happens in a specific path in smbcheckpermdacl. When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...
UBUNTU-CVE-2022-49366
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smbcheckpermdacl The issue happens in a specific path in smbcheckpermdacl. When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the smbcheckpermdacl function not releasing the reference count of posixacls at a specific path, which could...
PT-2024-16343 · Rapid7 · Rapid7 Velociraptor Msi Installer
Name of the Vulnerable Software and Affected Versions: Rapid7 Velociraptor MSI Installer versions prior to 0.73.3 Description: The issue arises from the Rapid7 Velociraptor MSI Installer creating the installation directory with WRITE DACL permission to the BUILTINUsers group. This allows local...
DEBIAN-CVE-2023-52755
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smbinheritdacl slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size...
CVE-2023-52755
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smbinheritdacl slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size...
CVE-2024-29513
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates...
CVE-2024-29513
CVE-2024-29513 impacts BlueRiSC WindowsSCOPE Cyber Forensics prior to version 3.3, via briscKernelDriver.sys. The root cause is an improper DACL on the device the driver creates, enabling a local attacker to execute arbitrary code within the driver and cause a local denial-of-service condition. T...
CVE-2023-42126
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2023-42126
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2023-42126 G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2023-42126
CVE-2023-42126 affects G Data Total Security, specifically the GDBackupSvc service. The flaw allows a local attacker who can run low-privilege code to create a symbolic link that enables the service to write a file with a permissive DACL, enabling privilege escalation to SYSTEM and the execution ...
CVE-2023-42126 G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2023-50914
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...