all InfoSec news
CVE-2023-45159 (client)
Oct. 5, 2023, 11:15 a.m. |
National Vulnerability Database web.nvd.nist.gov
A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.
check clear client cve deletion directory file files installer link non point privileged privileged user service startup windows
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
6 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Sr Security Engineer - Colombia
@ Nubank | Colombia, Bogota
Security Engineer, Investigations - i3
@ Meta | Menlo Park, CA | Washington, DC | Remote, US
Cyber Security Engineer
@ ASSYSTEM | Bridgwater, United Kingdom
Security Analyst
@ Northwestern Memorial Healthcare | Chicago, IL, United States
GRC Analyst
@ Richemont | Shelton, CT, US
Security Specialist
@ Peraton | Government Site, MD, United States