Total
556 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40590 | 1 Gitpython Project | 1 Gitpython | 2024-11-21 | N/A | 7.8 HIGH |
| GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable. | |||||
| CVE-2023-39212 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 7.9 HIGH |
| Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | |||||
| CVE-2023-39202 | 1 Zoom | 2 Rooms, Virtual Desktop Infrastructure | 2024-11-21 | N/A | 3.1 LOW |
| Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | |||||
| CVE-2023-39201 | 1 Zoom | 1 Cleanzoom | 2024-11-21 | N/A | 7.2 HIGH |
| Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. | |||||
| CVE-2023-36898 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2024-11-21 | N/A | 7.8 HIGH |
| Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
| CVE-2023-36780 | 1 Microsoft | 1 Skype For Business Server | 2024-11-21 | N/A | 7.2 HIGH |
| Skype for Business Remote Code Execution Vulnerability | |||||
| CVE-2023-36778 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 8.0 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36540 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 7.3 HIGH |
| Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-36538 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 8.4 HIGH |
| Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-36536 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 8.2 HIGH |
| Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-36422 | 1 Microsoft | 1 Windows Defender | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
| CVE-2023-36393 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
| CVE-2023-36003 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| XAML Diagnostics Elevation of Privilege Vulnerability | |||||
| CVE-2023-35343 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Geolocation Service Remote Code Execution Vulnerability | |||||
| CVE-2023-34145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | |||||
| CVE-2023-34144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.8 HIGH |
| An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | |||||
| CVE-2023-34119 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 8.2 HIGH |
| Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-29299 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to Unrestricted, making the attack complexity high. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-28143 | 2 Apple, Qualys | 2 Mac Os X, Cloud Agent | 2024-11-21 | N/A | 6.7 MEDIUM |
| Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of PKG when extraction of the package and copying files to several directories, enabling a local escalation of privilege. | |||||
| CVE-2023-26358 | 1 Adobe | 1 Creative Cloud | 2024-11-21 | N/A | 8.6 HIGH |
| Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. | |||||