CVE-2022-24141

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastateiTopVPNPipeServer on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient...

CVE-2022-24141

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastateiTopVPNPipeServer on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient...

CVE-2022-24141

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastateiTopVPNPipeServer on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient...

CVE-2022-24139

In IOBit Advanced System Care AscService.exe 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to...

Code injection

In IOBit Advanced System Care AscService.exe 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to...

Design/Logic Flaw

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastateiTopVPNPipeServer on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient...

CVE-2022-24141

The CVE-2022-24141 vulnerability affects iTop VPN 3.2, specifically the iTopVPNmini.exe component. It can loop connection attempts to the named pipe datastate_iTopVPN_Pipe_Server, allowing an attacker who opens a pipe with the same name to listen for connections and abuse ImpersonateNamedPipeClie...

CVE-2022-24139

The CVE concerns IOBit Advanced System Care, ASCService.exe (version 15). An attacker with SEImpersonatePrivilege can create a named pipe that reuses one of ASCService’s expected named pipe names. ASCService first attempts to connect to the named pipe before creating its pipes, so during login th...

iTop VPN 安全漏洞

iTop VPN is a VPN software from iTop. It allows users to remain anonymous and secure with advanced Salsa20 chacha20 256-bit encryption. A security vulnerability exists in iTop VPN version 3.2, which stems from the iTopVPNmini.exe component attempting to loop through connections to the...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 Dirty Pipe Exploitation Impact range: =5.8,...

FortiClient (Windows) - Privilege Escalation via directory traversal attack

A relative path traversal vulnerability CWE-23 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service...

GSD-2022-1003459 pipe: Fix missing lock in pipe_resize_ring()

pipe: Fix missing lock in piperesizering This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.45 by commit...

GSD-2022-1003190 pipe: Fix missing lock in pipe_resize_ring()

pipe: Fix missing lock in piperesizering This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.13 by commit...

GSD-2022-1003122 drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected

drm/msm/mdp5: Return error code in mdp5piperelease when deadlock is detected This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

GSD-2022-1002877 pipe: Fix missing lock in pipe_resize_ring()

pipe: Fix missing lock in piperesizering This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.2 by commit...

CVE-2022-23171

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows computer where the AtlasVPN client is installed...

CVE-2022-23171

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows computer where the AtlasVPN client is installed...

CLSA-2022-1655822512 Fixed 6 CVEs in kernel

net: qrtr: fix another OOB Read in qrtrendpointpost CVE-2021-3743 - vt: keyboard: avoid signed integer overflow in kascii CVE-2020-13974 - pNFS/flexfiles: fix incorrect size check in decodenfsfh CVE-2021-4157 - esp: Fix possible buffer overflow in ESP transformation CVE-2022-27666 - sock: remove...

AtlasVPN 安全漏洞

AtlasVPN is a free VPN application from AtlasVPN, Inc. A security vulnerability exists in versions prior to AtlasVPN 2.42, which stems from a lack of proper security controls over named pipe messages, and is exploited by an attacker to gain privileges on a Windows computer with the AtlasVPN clien...

CVE-2022-23171

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows computer where the AtlasVPN client is installed...