Windows Collaborative Translation Framework Elevation of Privilege Vulnerability
#TECHSMITH SNAGIT 10.0.2 DRIVER#
Windows Bus Filter Driver Elevation of Privilege Vulnerability Windows Container Manager Service Elevation of Privilege Vulnerability This issue is also tracked as GHSL-2023-088. There are no known workarounds for this vulnerability. This issue has been addressed in commit `b8a8f029` and in release version 4.38.2. An attacker targeting such an application may be able to read the files of any Windows user on the host machine and certain system files. The Ombi `documentation` suggests running Ombi as a Service with Administrator privileges. This vulnerability can lead to information disclosure. In addition, by specifying an absolute path for `arg3`, `Path.Combine` will completely ignore the first two arguments and just return just `arg3`.
When using `Path.Combine(arg1, arg2, arg3)`, an attacker may be able to escape to folders/files outside of `Path.Combine(arg1, arg2)` by using "." in `arg3`. The arbitrary file read vulnerability was present in `ReadLogFile` and `Download` endpoints in `SystemControllers.cs` as the parameter `logFileName` is not sanitized before being combined with the `Logs` directory. Ombi administrators may not always be local system administrators and so this may violate the security expectations of the system. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers.
#TECHSMITH SNAGIT 10.0.2 PC#
This is fixed in 12.1.2.Ĭertain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.
#TECHSMITH SNAGIT 10.0.2 PDF#
Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.įoxit PDF Reader (12.9 and earlier) and Foxit PDF Editor (12.9 and all previous 12.x versions, 11.5 and all previous 11.x versions, and 10.6 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
0 kommentar(er)
