CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVE-2022-49168 btrfs: do not clean up repair bio if submit fails

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bioendio on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs...

CVE-2022-49168

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bioendio on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs...

CVE-2024-25083

An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

Code injection

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

PT-2023-31066 · Pdf24 · Pdf24 Creator

Name of the Vulnerable Software and Affected Versions: PDF24 Creator version 11.14.0 Description: An issue was discovered in the configuration of the msi installer file of PDF24 Creator, which produces a visible cmd.exe window when using the repair function of msiexec.exe. This allows an...

PT-2023-29744 · Qumu · Qumu Multicast Extension V2

Name of the Vulnerable Software and Affected Versions: Qumu Multicast Extension v2 versions prior to 2.0.63 Description: A privilege escalation issue exists within the Qumu Multicast Extension v2 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTE...

SonicWALL NetExtender Security Vulnerabilities

SonicWALL NetExtender is a software application from SonicWALL USA that allows remote users to connect to remote networks in a secure manner. Provides simple and secure access for Windows and Linux users. A security vulnerability exists in SonicWALL NetExtender that stems from the presence of a...

PT-2023-5681 · Sonicwall · Sonicwall Net Extender Msi Client

Name of the Vulnerable Software and Affected Versions: SonicWall Net Extender MSI client for Windows versions 10.2.336 and earlier Description: A local privilege escalation issue in the SonicWall Net Extender MSI client allows a local low-privileged user to gain system privileges through running...

CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

CVE-2023-39520 Cryptomator vulnerable to Local Elevation of Privileges

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

PT-2023-26992 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator version 1.9.2 Description: Cryptomator encrypts data being stored on cloud infrastructure. The issue allows local privilege escalation for low privileged users via the repair function. This occurs because the repair function of th...

Cryptomator Security Breach

Cryptomator is a simple digital self-defense tool from the Cryptomator community. It is used to protect data. A security vulnerability exists in Cryptomator version 1.9.2, which stems from allowing low-privileged users to perform local privilege escalation via the REPAIR function...

PT-2023-26176 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator versions prior to 1.9.2 Description: The issue affects data encryption software for cloud storage, allowing local privilege escalation for low-privileged users if the software is already installed. This occurs because the repair...

App Layering/Unidesk: If user logs in before Office activation script runs, Office licensing will break

When a user logs in and runs an Office component, they may immediately see "Please wait while setup configures microsoft office", which will run a repair function, which will fail. If they have Lync installed, then that Office component might run immediately without any interaction from them. Or...

Microsoft Windows XP - .Manifest Denial of Service

Microsoft Windows XP - .Manifest Denial of Service source: https://www.securityfocus.com/bid/3942/info To enable desktop skinning, Microsoft Windows XP uses '.manifest' files '.exe.manifest'. This file contains XML code that tells Windows XP to use the XP controls. Due to a flaw, Windows XP fails...