Total
521 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36403 | 1 Ricoh | 1 Device Software Manager | 2024-08-03 | 7.8 High |
| Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2022-36070 | 2 Microsoft, Python-poetry | 2 Windows, Poetry | 2024-08-03 | 7.3 High |
| Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue. | ||||
| CVE-2022-29583 | 2 Microsoft, Service Project | 2 Windows, Service | 2024-08-03 | 7.8 High |
| service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others. | ||||
| CVE-2022-31012 | 1 Gitforwindows | 1 Git | 2024-08-03 | 8.2 High |
| Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`. | ||||
| CVE-2022-28964 | 1 Avast | 1 Premium Security | 2024-08-03 | 7.1 High |
| An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. | ||||
| CVE-2022-26183 | 2 Microsoft, Pnpm | 2 Windows, Pnpm | 2024-08-03 | 8.8 High |
| PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS. | ||||
| CVE-2022-26184 | 2 Microsoft, Python-poetry | 2 Windows, Poetry | 2024-08-03 | 9.8 Critical |
| Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS. | ||||
| CVE-2022-25366 | 1 Cryptomator | 1 Cryptomator | 2024-08-03 | 7.8 High |
| Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable. | ||||
| CVE-2022-24826 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2024-08-03 | 9.8 Critical |
| On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious repository contains files named `..exe` and `cygpath.exe`, and `cygpath.exe` is not found in `PATH`, the `..exe` program will be executed when certain Git LFS commands are run. More generally, if the current working directory contains any file with a base name of `.` and a file extension from `PATHEXT` (except `.bat` and `.cmd`), and also contains another file with the same base name as a program Git LFS intends to execute (such as `git`, `cygpath`, or `uname`) and any file extension from `PATHEXT` (including `.bat` and `.cmd`), then, on Windows, when Git LFS attempts to execute the intended program the `..exe`, `..com`, etc., file will be executed instead, but only if the intended program is not found in any directory listed in `PATH`. The vulnerability occurs because when Git LFS detects that the program it intends to run does not exist in any directory listed in `PATH` then Git LFS passes an empty string as the executable file path to the Go `os/exec` package, which contains a bug such that, on Windows, it prepends the name of the current working directory (i.e., `.`) to the empty string without adding a path separator, and as a result searches in that directory for a file with the base name `.` combined with any file extension from `PATHEXT`, executing the first one it finds. (The reason `..bat` and `..cmd` files are not executed in the same manner is that, although the Go `os/exec` package tries to execute them just as it does a `..exe` file, the Microsoft Win32 API `CreateProcess()` family of functions have an undocumented feature in that they apparently recognize when a caller is attempting to execute a batch script file and instead run the `cmd.exe` command interpreter, passing the full set of command line arguments as parameters. These are unchanged from the command line arguments set by Git LFS, and as such, the intended program's name is the first, resulting in a command line like `cmd.exe /c git`, which then fails.) Git LFS has resolved this vulnerability by always reporting an error when a program is not found in any directory listed in `PATH` rather than passing an empty string to the Go `os/exec` package in this case. The bug in the Go `os/exec` package has been reported to the Go project and is expected to be patched after this security advisory is published. The problem was introduced in version 2.12.1 and is patched in version 3.1.3. Users of affected versions should upgrade to version 3.1.3. There are currently no known workarounds at this time. | ||||
| CVE-2022-23748 | 2 Audinate, Microsoft | 2 Dante Application Library, Windows | 2024-08-03 | 7.8 High |
| mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. | ||||
| CVE-2022-3734 | 2 Microsoft, Redis | 2 Windows, Redis | 2024-08-03 | 6.3 Medium |
| A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. | ||||
| CVE-2022-4883 | 2 Redhat, X.org | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-08-03 | 8.8 High |
| A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. | ||||
| CVE-2022-0074 | 1 Litespeedtech | 1 Openlitespeed | 2024-08-02 | 8.8 High |
| Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. | ||||
| CVE-2023-48670 | 1 Dell | 1 Supportassist For Home Pcs | 2024-08-02 | 7.3 High |
| Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. | ||||
| CVE-2023-43586 | 1 Zoom | 4 Meeting Software Development Kit, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2024-08-02 | 7.3 High |
| Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2023-41766 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 7.8 High |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | ||||
| CVE-2023-36898 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 1 more | 2024-08-02 | 7.8 High |
| Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | ||||
| CVE-2023-36780 | 1 Microsoft | 1 Skype For Business Server | 2024-08-02 | 7.2 High |
| Skype for Business Remote Code Execution Vulnerability | ||||
| CVE-2023-36778 | 1 Microsoft | 1 Exchange Server | 2024-08-02 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-36422 | 1 Microsoft | 1 Windows Defender | 2024-08-02 | 7.8 High |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | ||||