CVE-2021-40376

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

UBUNTU-CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel due to a lack of proper initialization of the "flag" variable of the new pipe buffer structure in the copypagetoiterpipe and pushpipe functions in...

CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

ALPINE-CVE-2021-3781

A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

CVE-2022-22715

Named Pipe File System Elevation of Privilege Vulnerability...

CVE-2022-22715

Named Pipe File System Elevation of Privilege Vulnerability...

Privilege escalation

Named Pipe File System Elevation of Privilege Vulnerability...

CVE-2022-22715

CVE-2022-22715 corresponds to a Windows Named Pipe File System Elevation of Privilege vulnerability. The Electronically published data indicate a local, low‑privilege attack with no user interaction that could yield high impact to confidentiality, integrity, and availability. The connected record...

CVE-2022-22715 Named Pipe File System Elevation of Privilege Vulnerability

...

CVE-2021-37852

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM...

CVE-2021-37852

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM...

GHSA-H39Q-95Q5-9JFP OS Command Injection in ansible

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...

Named Pipe File System Elevation of Privilege Vulnerability

...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...

PT-2022-1678 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Named Pipe File System component of the Windows operating system and involves insecure privilege management. Exploitation of this issue may allow an attacker to...

KLA12457 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

Microsoft Windows Named Pipe File System 数字错误漏洞

Microsoft Windows Named Pipe File System is a named pipe file system from Microsoft Corporation USA. A numeric error vulnerability exists in Microsoft Windows Named Pipe File System. The following products and editions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 180...

CVE-2022-23805

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged...