10 matches found
CVE-2026-34462
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...
EUVD-2026-27462
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
CVE-2025-64699
An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...
PT-2025-54386
Name of the Vulnerable Software and Affected Versions SevenCs ORCA G2 version 2.0.1.35 EC2007 Kernel v5.22 Description An issue exists where a Security Descriptor with no explicitly configured DACL is applied to a device object by the regService process, which operates with SYSTEM privileges. Thi...
CVE-2025-12683
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...
CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...
CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...
PT-2025-44963
Name of the Vulnerable Software and Affected Versions Everything affected versions not specified Description The service used by Everything, running with SYSTEM privileges, communicates with the Everything GUI using a named pipe. This named pipe has a NULL Discretionary Access Control List DACL,...
Everything 安全漏洞
Everything is a file search software from Everything open source. A security vulnerability exists in Everything that stems from a named pipe having a NULL DACL, which could lead to a denial-of-service attack or elevation of privilege by a local, low-privileged user...