153 matches found
PT-2024-19880 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.0.190 Description: The issue is related to a missing reparse point check while copying individual autoupdater log files. This could result in crafted attacks, potentially leading to a local...
expat: parsing large tokens can trigger a denial of service
A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...
Exploit for Out-of-bounds Read in Microsoft
Information ============== Windows Kernel Pool clfs.sys Cor...
November 14, 2023—KB5032196 (OS Build 17763.5122) - EXPIRED
November 14, 2023—KB5032196 OS Build 17763.5122 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. 11/17/20 For...
CVE-2023-31017
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
CVE-2023-31017
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
Design/Logic Flaw
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
CVE-2023-31017 CVE
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
CVE-2023-31017 CVE
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
CVE-2023-31017
CVE-2023-31017 : NVIDIA GPU Display Driver for Windows contains a vulnerability that allows an attacker to write arbitrary data to privileged locations via reparse points, potentially enabling code execution, DoS, privilege escalation, information disclosure, or data tampering. Public documentati...
Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON...
PT-2023-6812 · Nvidia · Nvidia Gpu Display Driver
Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows affected versions not specified Description: The issue allows an attacker to write arbitrary data to privileged locations by using reparse points. A successful exploit may lead to code execution, denial o...
SUSE CVE-2018-11728
The libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure heap-based buffer over-read via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs iss...
[SECURITY] Fedora 35 Update: ntfs-3g-system-compression-1.0-9.fc35
System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats. It is not built directly into NTFS but rather is implemented using reparse points. This feature appeared in Windows 10 and it appear...
March 8, 2022—KB5011487 (OS Builds 19042.1586, 19043.1586, and 19044.1586)
March 8, 2022—KB5011487 OS Builds 19042.1586, 19043.1586, and 19044.1586 EXPIRATION NOTICEIMPORTAN T As of 9/12/2023, this KB is only available from Windows Update. It is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to...
CVE-2020-23315
There is an ASSERTION pFuncBody-GetYieldRegister == oldYieldRegister failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta...
CVE-2020-23315
There is an ASSERTION pFuncBody-GetYieldRegister == oldYieldRegister failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta...
[SECURITY] Fedora 33 Update: ntfs-3g-system-compression-1.0-7.fc33
System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats. It is not built directly into NTFS but rather is implemented using reparse points. This feature appeared in Windows 10 and it appear...
The vulnerability of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus protection lies in their handling of symbolic links, which allows a malicious user to delete any file in the system.
The vulnerability of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus programs is related to errors in processing symbolic links. Exploiting this vulnerability can allow an attacker to delete any...
The vulnerability of the Master Configuration Wizard component of Kaspersky’s antivirus protection tools—Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud—allows a perpetrator to delete any file in the system.
The vulnerability of the Master Configuration Wizard component of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus products is related to errors in processing symbolic links. Exploiting this...