26 matches found
CVE-2023-29444
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...
EUVD-2021-13521
Malware in sbrugna...
EUVD-2021-13525
Malware in sbrugna...
EUVD-2020-3977
Malware in sbrugna...
EUVD-2021-13524
Malware in sbrugna...
EUVD-2022-50267
Malicious code in bioql PyPI...
EUVD-2023-48159
Malicious code in bioql PyPI...
CVE-2020-11635
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges...
CVE-2021-26738
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges...
Path traversal
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...
Path traversal
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...
CVE-2021-26735
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges...
CVE-2021-26736
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges...
CVE-2021-26734
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context...
Design/Logic Flaw
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges...
CVE-2021-26738 Privilege Escalation for ZCC macOS via PATH Variable
Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges...
CVE-2021-26734 Junction Delete leading to elevation of privilege
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context...
CVE-2021-26734 Junction Delete leading to elevation of privilege
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context...
CVE-2023-43782
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence...
PT-2023-28981 · Cadence · Cadence
Name of the Vulnerable Software and Affected Versions: Cadence versions through 0.9.2 2023-08-21 Description: The issue arises from Cadence using an insecure temporary file /tmp/cadence-wineasio.reg. If a local adversary creates this file before Cadence starts, Cadence will use it, allowing the...