149 matches found

SUSE CVE
added 2023/02/15 3:56 a.m. | 3 views

SUSE CVE-2020-15663

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to ...

8.8 CVSS | 8.8 AI score | 0.02603 EPSS
Exploits 0 | References 13

SUSE CVE
added 2023/02/15 3:49 a.m. | 4 views

SUSE CVE-2021-3501

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and...

7.8 CVSS | 6.1 AI score | 0.00374 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2022/12/15 12:0 a.m. | 22 views

Zoom Client for Meetings < 5.3.2 Vulnerability (ZSB-21004)

The version of Zoom Client for Meetings installed on the remote host is prior to 5.3.2. It is, therefore, affected by a vulnerability as referenced in the ZSB-21004 advisory. - A user-writable directory created during the installation of the Zoom Client for Meetings for Windows version prior to...

7.8 CVSS | 7.4 AI score | 0.00443 EPSS
Exploits 0 | References 2

OpenVAS
added 2021/09/29 12:0 a.m. | 16 views

Zoom Client < 5.3.2 Privilege Escalation Vulnerability (ZSB-21004) - Windows

Zoom Client is prone to a privilege escalation vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.8 CVSS | 7.9 AI score | 0.00443 EPSS
Exploits 0 | References 1

OSV
added 2021/09/27 2:15 p.m. | 2 views

CVE-2021-34410

A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root...

7.8 CVSS | 7.1 AI score | 0.00221 EPSS
Exploits 0 | References 1

OSV
added 2021/09/27 2:15 p.m. | 1 views

CVE-2021-34408

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable...

7.8 CVSS | 5.8 AI score
Exploits 0 | References 1

NVD
added 2021/09/27 2:15 p.m. | 12 views

CVE-2021-34408

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable...

7.8 CVSS | 0.00443 EPSS
Exploits 0 | References 1

Cvelist
added 2021/09/27 1:55 p.m. | 16 views

CVE-2021-34410

A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root...

8 AI score | 0.00221 EPSS
Exploits 0 | References 1

FreeBSD
added 2021/09/15 12:0 a.m. | 47 views

seatd-launch -- privilege escalation with SUID

Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUI...

8.8 CVSS | 2.9 AI score | 0.01029 EPSS
Exploits 0 | References 1

0day.today
added 2021/04/30 12:0 a.m. | 32 views

Microsoft Windows UAC Privilege Escalation Vulnerability

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

7.4 AI score
Exploits 0

Packet Storm
added 2021/04/30 12:0 a.m. | 728 views

Microsoft Windows UAC Privilege Escalation

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

0.4 AI score
Exploits 0

OSV
added 2020/09/01 7:15 p.m. | 5 views

CVE-2020-24559

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...

7.8 CVSS | 6.2 AI score
Exploits 0 | References 3

NVD
added 2020/09/01 7:15 p.m. | 11 views

CVE-2020-24559

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...

7.8 CVSS | 7.7 AI score | 0.00787 EPSS
Exploits 0 | References 3

NVD
added 2020/07/10 7:15 p.m. | 13 views

CVE-2020-11081

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

8.2 CVSS | 0.00587 EPSS
Exploits 1 | References 5

OSV
added 2020/07/10 7:15 p.m. | 11 views

CVE-2020-11081

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

8.2 CVSS | 6.8 AI score
Exploits 0 | References 5

Cvelist
added 2020/07/10 6:45 p.m. | 21 views

CVE-2020-11081 osquery susceptible to DLL search order hijacking of zlib1.dll

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables...

5.3 CVSS | 8.1 AI score | 0.00587 EPSS
Exploits 1 | References 5

Positive Technologies
added 2020/07/10 12:0 a.m. | 3 views

PT-2020-12538 · Facebook · Osquery

Name of the Vulnerable Software and Affected Versions: osquery versions prior to 4.4.0 Description: The issue allows for a privilege escalation. If a Windows system has a PATH containing a user-writable directory, a local user can create a zlib1.dll DLL that osquery will attempt to load, enabling...

8.2 CVSS | 8.2 AI score | 0.00587 EPSS
Exploits 1 | References 9

Prion
added 2020/04/01 10:15 p.m. | 16 views

Design/Logic Flaw

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process with the user's privileges to obtain root access by replacing runwithroot...

7.2 CVSS | 7.2 AI score | 0.00401 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2019/10/10 8:15 p.m. | 3 views

CVE-2019-11528

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...

7.5 CVSS | 7.1 AI score | 0.01153 EPSS
Exploits 1 | References 1

NVD
added 2019/10/10 8:15 p.m. | 11 views

CVE-2019-11528

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...

7.5 CVSS | 7.6 AI score | 0.01153 EPSS
Exploits 1 | References 1