CVE-2022-4956
published 2023-09-30CVE-2022-4956: A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The…
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.39%
30.6th percentile
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| caphyon | advanced_installer | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:L/AC:L/Au:S/C:C/I:C/A:C
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3w3w-2hqv-65f8: A vulnerability classified as critical has been found in Caphyon Advanced Installer 19
ghsa_unreviewed·2023-09-30
CVE-2022-4956 [HIGH] CWE-427 GHSA-3w3w-2hqv-65f8: A vulnerability classified as critical has been found in Caphyon Advanced Installer 19
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
Red Hat
vim: buffer over-read in grab_file_name() in findfile.c
vendor_redhat·2022-05-13·CVSS 7.8
CVE-2022-1720 [HIGH] CWE-126 vim: buffer over-read in grab_file_name() in findfile.c
vim: buffer over-read in grab_file_name() in findfile.c
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with "gf" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.
Statement: Red Hat Product Security has rated this issue as having a Low security impact because the "victim" has to run an untrus
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/https://vuldb.com/?ctiid.240903https://vuldb.com/?id.240903https://www.advancedinstaller.com/release-19.7.1.html#bugfixeshttps://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/https://vuldb.com/?ctiid.240903https://vuldb.com/?id.240903https://www.advancedinstaller.com/release-19.7.1.html#bugfixes
2023-09-30
Published