This issue is patched in RELEASE.T20-16-18Z. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. All users on Windows prior to version RELEASE.T20-16-18Z are impacted. Minio is a Multi-Cloud Object Storage framework. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. Alternatively, watch out for malicious `:\etc\connectrc` files on multi-user machines.Īn issue was discovered in Veritas NetBackup before 10.0 on Windows. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. The problem has been patched in Git for Windows v2.40.1. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. to SSH servers via proxies when certain ports are blocked for outgoing connections. Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Git for Windows is the Windows port of Git. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application. A successful attack depends on various preconditions beyond the attackers control.ģCX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. IBM X-Force ID: 251991.Ī Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. Windows MSHTML Platform Security Feature Bypass Vulnerability Windows OLE Remote Code Execution Vulnerability SysInternals Sysmon for Windows Elevation of Privilege Vulnerability Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.ĬyberGhostVPN Windows Client before v8.5 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file.
0 Comments
Leave a Reply. |