HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester


  • CVE-2022-29093

    Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. An authenticated non-admin user could exploit the issue and delete arbitrary files on the system.


  • CVE-2022-26865

    Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.


  • CVE-2022-28247

    Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.


  • CVE-2022-24767

    Git for Windows is a fork of Git containing Windows-specific patches. Since part of Git for Windows’ uninstaller is copied into the current user’s temporary directory and run in that place, it is important to ensure that there is no malicious .dll file in that directory that might be loaded as part of loading the executable. However, the default system settings for TMP and TEMP are to point to C:\Windows\Temp, a folder that is world-writable (for historical reasons), and the SYSTEM user account inherits those settings. This means that any authenticated user can place malicious .dll files that are loaded when Git for Windows’ uninstaller is run via the SYSTEM account. Fixes are available in Git for Windows v2.35.2 or newer. Users unable to upgrade may override SYSTEM’s TMP environment variable to point to a directory exclusively under SYSTEM’s control before running the uninstaller, clear C:\Windows\Temp of all .dll files before running the uninstaller, or run the uninstaller under an admin account rather than SYSTEM as a workaround.


  • CVE-2022-22665

    Apple macOS AppKit - A malicious application may be able to gain root privileges.


