Total
484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27769 | 1 Wondershare | 1 Pdf Reader | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. | |||||
| CVE-2023-27766 | 1 Wondershare | 1 Anireel | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. | |||||
| CVE-2023-34144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | |||||
| CVE-2023-27761 | 1 Wondershare | 1 Uniconverter | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. | |||||
| CVE-2023-27763 | 1 Wondershare | 1 Mobiletrans | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. | |||||
| CVE-2023-34145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | |||||
| CVE-2023-36536 | 1 Zoom | 1 Rooms | 2023-12-10 | N/A | 7.8 HIGH |
| Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-27764 | 1 Wondershare | 1 Repairit | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. | |||||
| CVE-2023-26358 | 1 Adobe | 1 Creative Cloud | 2023-12-10 | N/A | 7.8 HIGH |
| Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. | |||||
| CVE-2023-27762 | 1 Wondershare | 1 Democreator | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. | |||||
| CVE-2023-27770 | 1 Wondershare | 1 Edraw-max | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. | |||||
| CVE-2023-27765 | 1 Wondershare | 1 Recoverit | 2023-12-10 | N/A | 7.8 HIGH |
| An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. | |||||
| CVE-2023-22743 | 1 Git For Windows Project | 1 Git For Windows | 2023-12-10 | N/A | 7.3 HIGH |
| Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it. | |||||
| CVE-2023-26036 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | N/A | 9.8 CRITICAL |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33. | |||||
| CVE-2023-23618 | 1 Git For Windows Project | 1 Git For Windows | 2023-12-10 | N/A | 7.8 HIGH |
| Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories. | |||||
| CVE-2022-23748 | 2 Audinate, Microsoft | 2 Dante Application Library, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. | |||||
| CVE-2023-26038 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | N/A | 6.5 MEDIUM |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33. | |||||
| CVE-2022-38060 | 1 Openstack | 1 Kolla | 2023-12-10 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. | |||||
| CVE-2023-23920 | 2 Debian, Nodejs | 2 Debian Linux, Node.js | 2023-12-10 | N/A | 4.2 MEDIUM |
| An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | |||||
| CVE-2022-41953 | 2 Git-scm, Microsoft | 2 Git, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources. | |||||