CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45160 – Elevated Temp Directory Execution in 1E Client
https://notcve.org/view.php?id=CVE-2023-45160
05 Oct 2023 — In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Su... • https://1e.my.site.com/s • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45159 – 1E Client installer can perform arbitrary file deletion on protected files
https://notcve.org/view.php?id=CVE-2023-45159
05 Oct 2023 — 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID. for v8.1 use hotfix Q23097 for v8.4 use hotf... • https://www.1e.com/trust-security-compliance/cve-info • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3892 – Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE
https://notcve.org/view.php?id=CVE-2023-3892
19 Sep 2023 — Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an un... • https://www.mimsoftware.com/cve-2023-3892 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27645
https://notcve.org/view.php?id=CVE-2020-27645
29 Dec 2020 — The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges. El módulo Inventory del 1E Client versión 5.0.0.745, no maneja una ruta sin comillas cuando se ejecuta %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Esto puede permitir a los usuarios locales y los usuarios autenticados remotos obtener privilegios elevado... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27644
https://notcve.org/view.php?id=CVE-2020-27644
29 Dec 2020 — The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\. El módulo Inventory de 1E Client versión 5.0.0.745, no maneja una ruta sin comillas al ejecutar %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. Esto puede permitir a los usuarios locales y los usua... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27643
https://notcve.org/view.php?id=CVE-2020-27643
29 Dec 2020 — The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. El directorio %PROGRAMDATA%\1E\Client en 1E Client versiones 5.0.0.745 y 4.1.0.267, permite a los usuarios autenticados remotos y a los usuarios locales crear y ... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16268
https://notcve.org/view.php?id=CVE-2020-16268
29 Dec 2020 — The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. El instalador MSI en 1E Client versiones 4.1.0.267 y 5.0.0.745, permite a los usuarios autenticados remotos ... • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7687 – Client for OES Elevation of Privilege via Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-7687
21 May 2018 — The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. Micro Focus Client for OES, en versiones anteriores a la 2 SP4 IR8a, tiene una vulnerabilidad que podría permitir que un atacante local eleve sus privilegios mediante un desbordamiento de búfer en ncfsd.sys. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Micro Focus Client for Open Enterprise ... • https://bugzilla.novell.com/show_bug.cgi?id=1093607 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3705
https://notcve.org/view.php?id=CVE-2013-3705
22 Dec 2013 — The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. El componente VBA32 AntiRootKit para Novell Client 2 SP3 anteriores a IR5 en Windows permite a usuarios locales causar una denegación de servicio (bugcheck y BSOD) a través de una llamada IOCTL para un IOCTL inválido. • http://download.novell.com/Download?buildid=gCT45TxxTHQ~ • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 4%CPEs: 11EXPL: 5CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
31 Jul 2013 — The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y No... • https://www.exploit-db.com/exploits/27191 • CWE-264: Permissions, Privileges, and Access Controls •