The Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.
c3387e7bd189cc7e8d8449ad27e2b524a0fc939d2cc467c5961cc148cdbb9019
The Microsoft Windows kernel suffers from a use-after-free vulnerability due to a dangling registry link node under paged pool memory pressure.
54ec3add551cac7b508b2e8157d5a658c016115390f2b327d14cac78af270263
Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867d
Debian Linux Security Advisory 5336-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitizing in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.
bc6ab4a0b7055df6421e280d8c79365890cc6208df474d9e8eea9c6511672a72
Red Hat Security Advisory 2022-7959-01 - guestfs-tools is a set of tools that can be used to make batch configuration changes to guests, get disk used/free statistics, perform backups and guest clones, change registry/UUID/hostname info, build guests from scratch, and much more. Issues addressed include buffer overflow and denial of service vulnerabilities.
84f717188daaafb47b18fa949c32a7a99c52fdbbdf226cfa0825865958b6de45
The Windows kernel suffers from out-of-bounds reads and other issues when operating on long registry key and value names.
8b59c6140909e13954c81f8ebbddfeb70a1e3eaf5675031e13f783c0db187379
The Windows kernel suffers from multiple memory corruption vulnerabilities when operating on very long registry paths.
98287a2f682dd844bcaa8bbc51f70cb0d694e997a42fcb83f27b010fb379d61d
The Windows Kernel suffers from a memory corruption vulnerability due to type confusion of subkey index leaves in registry hives.
5243d82498c43a219718d01db84be2571a427237b6a4a54d1f50e487c8526fea
The Windows kernel registry suffers from a use-after-free vulnerability due to bad handling of failed reallocations under memory pressure.
8bfa22378d9e50ef4b418d4748365b0da33423d42dc3533797aebf4653bedc6d
The Windows Kernel suffers from integer overflow vulnerabilities in its registry subkey lists leading to memory corruption.
4f2712bf388769633e54ee7cdd01205295aa838cb4c905e9fab301e7f201a73e
Red Hat Security Advisory 2022-6835-01 - This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and privilege escalation vulnerabilities.
e74328b6f49a71e8a4f60fb74ad9b6b09cb32b24b7b0fd468d39f217ac93fb95
The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.
293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152
The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.
887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3
On Windows, when registered to use a public key for computer authentication, the certificate is stored in a user accessible registry key leading to elevation of privilege.
1feeee68d37491874f775b215beec9a53d02ac93f453ad09df73f1cd980977f8
An "Incorrect Use of a Privileged API" vulnerability in PrintixService.exe in Printix's "Printix Secure Cloud Print Management" versions 1.3.1106.0 and below allows a local or remote attacker the ability change all HKEY Windows Registry values as SYSTEM context via the UITasks.PersistentRegistryData parameter.
e26119f8d98f860e7ac7059a0d25e15dfc9acdbc0d49faa1f612da8efaf64cdc
The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via SetPrinterDataEx() provided the caller has the PRINTER_ACCESS_ADMINISTER permission. If the SpoolDirectory path does not exist, it will be created once the print spooler reinitializes. Calling SetPrinterDataEx() with the CopyFiles\ registry key will load the dll passed in as the pData argument, meaning that writing a dll to the SpoolDirectory location can be loaded by the print spooler. Using a directory junction and UNC path for the SpoolDirectory, the exploit writes a payload to C:\Windows\System32\spool\drivers\x64\4 and loads it by calling SetPrinterDataEx(), resulting in code execution as SYSTEM.
3e62199fe39127be4320ed28c4a8d52211edb9c506d1e42a0aba3faef33cb58c
Red Hat Security Advisory 2022-0501-01 - This release of Red Hat Integration - Service registry 2.0.3.GA serves as a replacement for 2.0.2.GA, and includes the below security fixes. Issues addressed include an information leakage vulnerability.
83eb7f9ca68d2408390c8d7bf2cc3097aaa41d5957178dfd4e7dbd8d2976ef0b
Ubuntu Security Notice 5134-1 - An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry.
11a8fd969279dac2404fecd3abcaa6f718532bed6e35975931b2093909c3f708
Red Hat Security Advisory 2021-4100-01 - This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes. Issues addressed include a cross site scripting vulnerability.
deae863e269d799eb30005e5bf746b6f54654a78cb414a871c14378bede66a03
Red Hat Security Advisory 2021-3338-01 - Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk.
d7b8ab43b6a11fa3a73aa39a2179e478b424b0fed97e5b13da075a51804f6e2d
Red Hat Security Advisory 2021-2318-01 - Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk. Issues addressed include a buffer overflow vulnerability.
95de8f82623974b997f2b17f65bef747bdceab7ab0871d416c93315905dcfbef
Debian Linux Security Advisory 4913-1 - Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files.
d5975d6183305aa7875bda6e752956e293def2561c07d0ff9a6e81105723d04c
Red Hat Security Advisory 2021-2039-01 - This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Issues addressed include XML injection and remote SQL injection vulnerabilities.
016baf810f0fc092f71233e8a3a373f15cd931df73eb2a65bb7e42e8e6050a8a
Microsoft Windows Containers Host Registry Virtual Registry Provider does not correctly handle relative opens leading to a process in a server silo being able to access the host registry leading to elevation of privilege.
3a9b2da40f527338ce39bbd5dce9bee31cef6c99a0ff4669322be1889064b788
Microsoft Windows has a privilege escalation vulnerability. When a process is running in a server silo, the checks for trusted hive registry key symbolic links is disabled leading to elevation of privilege.
6bfe0cdda02d4fbe057af9ecc41a80c96bb55fbaab78a5397b48afe2eb1905a5