PT-2023-5216 · N Able · N-Able Take Control Agent

Name of the Vulnerable Software and Affected Versions: N-able Take Control Agent versions 7.0.41.1141 through 7.0.42 Description: The issue is related to a Time-of-Check to Time-of-Use TOCTOU race condition in the BASupSrvcUpdater.exe service, which can be exploited via a pseudo-symlink at...

SUSE CVE-2019-11736

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...

CVE-2022-41604

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This...

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...