Common Weakness Enumeration

CWE-426

Allowed-with-Review

Untrusted Search Path

Abstraction: Base · Status: Stable

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

892 vulnerabilities reference this CWE, most recent first.

CVE-2018-10904 (GCVE-0-2018-10904)

Vulnerability from cvelistv5 – Published: 2018-09-04 13:00 – Updated: 2024-08-05 07:54
VLAI
Summary
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
CWE
Assigner
References
Impacted products
Vendor Product Version
Red Hat glusterfs Affected: n/a
Create a notification for this product.
Date Public
2018-09-04 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:34.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2607",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2607"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://review.gluster.org/#/c/glusterfs/+/21072/"
          },
          {
            "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
          },
          {
            "name": "RHSA-2018:2608",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2608"
          },
          {
            "name": "RHSA-2018:3470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3470"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904"
          },
          {
            "name": "GLSA-201904-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201904-06"
          },
          {
            "name": "openSUSE-SU-2020:0079",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
          },
          {
            "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "glusterfs",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-02T02:06:27.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:2607",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2607"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://review.gluster.org/#/c/glusterfs/+/21072/"
        },
        {
          "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
        },
        {
          "name": "RHSA-2018:2608",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2608"
        },
        {
          "name": "RHSA-2018:3470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3470"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904"
        },
        {
          "name": "GLSA-201904-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201904-06"
        },
        {
          "name": "openSUSE-SU-2020:0079",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
        },
        {
          "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-10904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "glusterfs",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2607",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2607"
            },
            {
              "name": "https://review.gluster.org/#/c/glusterfs/+/21072/",
              "refsource": "CONFIRM",
              "url": "https://review.gluster.org/#/c/glusterfs/+/21072/"
            },
            {
              "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
            },
            {
              "name": "RHSA-2018:2608",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2608"
            },
            {
              "name": "RHSA-2018:3470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3470"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904"
            },
            {
              "name": "GLSA-201904-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201904-06"
            },
            {
              "name": "openSUSE-SU-2020:0079",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
            },
            {
              "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10904",
    "datePublished": "2018-09-04T13:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:54:34.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10875 (GCVE-0-2018-10875)

Vulnerability from cvelistv5 – Published: 2018-07-13 22:00 – Updated: 2024-08-05 07:46
VLAI
Summary
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CWE
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2018:2166 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2152 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2150 vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1041396 vdb-entryx_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
https://access.redhat.com/errata/RHBA-2018:3788 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0054 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2151 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2321 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2585 vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2019/dsa-4396 vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4072-1/ vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
Impacted products
Vendor Product Version
[UNKNOWN] ansible Affected: n/a
Create a notification for this product.
Date Public
2018-06-29 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2166",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2166"
          },
          {
            "name": "RHSA-2018:2152",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2152"
          },
          {
            "name": "RHSA-2018:2150",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2150"
          },
          {
            "name": "1041396",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041396"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875"
          },
          {
            "name": "RHBA-2018:3788",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2018:3788"
          },
          {
            "name": "RHSA-2019:0054",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0054"
          },
          {
            "name": "RHSA-2018:2151",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2151"
          },
          {
            "name": "RHSA-2018:2321",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2321"
          },
          {
            "name": "RHSA-2018:2585",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2585"
          },
          {
            "name": "DSA-4396",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4396"
          },
          {
            "name": "openSUSE-SU-2019:1125",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
          },
          {
            "name": "USN-4072-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4072-1/"
          },
          {
            "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ansible",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-16T14:06:20.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:2166",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2166"
        },
        {
          "name": "RHSA-2018:2152",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2152"
        },
        {
          "name": "RHSA-2018:2150",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2150"
        },
        {
          "name": "1041396",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041396"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875"
        },
        {
          "name": "RHBA-2018:3788",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2018:3788"
        },
        {
          "name": "RHSA-2019:0054",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0054"
        },
        {
          "name": "RHSA-2018:2151",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2151"
        },
        {
          "name": "RHSA-2018:2321",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2321"
        },
        {
          "name": "RHSA-2018:2585",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2585"
        },
        {
          "name": "DSA-4396",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4396"
        },
        {
          "name": "openSUSE-SU-2019:1125",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
        },
        {
          "name": "USN-4072-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4072-1/"
        },
        {
          "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-10875",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ansible",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2166",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2166"
            },
            {
              "name": "RHSA-2018:2152",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2152"
            },
            {
              "name": "RHSA-2018:2150",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2150"
            },
            {
              "name": "1041396",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041396"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875"
            },
            {
              "name": "RHBA-2018:3788",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2018:3788"
            },
            {
              "name": "RHSA-2019:0054",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0054"
            },
            {
              "name": "RHSA-2018:2151",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2151"
            },
            {
              "name": "RHSA-2018:2321",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2321"
            },
            {
              "name": "RHSA-2018:2585",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2585"
            },
            {
              "name": "DSA-4396",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4396"
            },
            {
              "name": "openSUSE-SU-2019:1125",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
            },
            {
              "name": "USN-4072-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4072-1/"
            },
            {
              "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10875",
    "datePublished": "2018-07-13T22:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:46:47.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10874 (GCVE-0-2018-10874)

Vulnerability from cvelistv5 – Published: 2018-07-02 13:00 – Updated: 2024-08-05 07:46
VLAI
Summary
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
CWE
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2018:2166 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2152 vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2150 vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1041396 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHBA-2018:3788 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0054 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2151 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2321 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2585 vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/4072-1/ vendor-advisoryx_refsource_UBUNTU
Impacted products
Vendor Product Version
[UNKNOWN] ansible Affected: n/a
Create a notification for this product.
Date Public
2018-06-29 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2166",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2166"
          },
          {
            "name": "RHSA-2018:2152",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2152"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
          },
          {
            "name": "RHSA-2018:2150",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2150"
          },
          {
            "name": "1041396",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041396"
          },
          {
            "name": "RHBA-2018:3788",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2018:3788"
          },
          {
            "name": "RHSA-2019:0054",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0054"
          },
          {
            "name": "RHSA-2018:2151",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2151"
          },
          {
            "name": "RHSA-2018:2321",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2321"
          },
          {
            "name": "RHSA-2018:2585",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2585"
          },
          {
            "name": "USN-4072-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4072-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ansible",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-25T01:06:05.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:2166",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2166"
        },
        {
          "name": "RHSA-2018:2152",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2152"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
        },
        {
          "name": "RHSA-2018:2150",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2150"
        },
        {
          "name": "1041396",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041396"
        },
        {
          "name": "RHBA-2018:3788",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2018:3788"
        },
        {
          "name": "RHSA-2019:0054",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0054"
        },
        {
          "name": "RHSA-2018:2151",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2151"
        },
        {
          "name": "RHSA-2018:2321",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2321"
        },
        {
          "name": "RHSA-2018:2585",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2585"
        },
        {
          "name": "USN-4072-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4072-1/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10874",
    "datePublished": "2018-07-02T13:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:46:47.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7365 (GCVE-0-2018-7365)

Vulnerability from cvelistv5 – Published: 2018-12-20 14:00 – Updated: 2024-08-05 06:24
VLAI
Summary
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
CWE
Assigner
zte
References
Impacted products
Vendor Product Version
ZTE uSmartView Affected: unspecified , ≤ ZXCLOUD iRAI V5.01.05 (custom)
Create a notification for this product.
Date Public
2018-12-20 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "uSmartView",
          "vendor": "ZTE",
          "versions": [
            {
              "lessThanOrEqual": "ZXCLOUD iRAI V5.01.05",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-20T13:57:01.000Z",
        "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "shortName": "zte"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2018-7365",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "uSmartView",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_value": "ZXCLOUD iRAI V5.01.05"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ZTE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426: Untrusted Search Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005",
              "refsource": "CONFIRM",
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
    "assignerShortName": "zte",
    "cveId": "CVE-2018-7365",
    "datePublished": "2018-12-20T14:00:00.000Z",
    "dateReserved": "2018-02-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T06:24:11.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-20123 (GCVE-0-2017-20123)

Vulnerability from cvelistv5 – Published: 2022-06-30 05:05 – Updated: 2025-04-15 14:08
VLAI
Title
Viscosity DLL untrusted search path
Summary
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
unspecified Viscosity Affected: 1.6.7
Create a notification for this product.
Credits
Kacper Szurek
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:45:25.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Feb/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.96639"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-20123",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T16:55:28.155814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T14:08:34.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Viscosity",
          "vendor": "unspecified",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kacper Szurek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-30T05:05:23.000Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Feb/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vuldb.com/?id.96639"
        }
      ],
      "title": "Viscosity DLL untrusted search path",
      "x_generator": "vuldb.com",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@vuldb.com",
          "ID": "CVE-2017-20123",
          "REQUESTER": "cna@vuldb.com",
          "STATE": "PUBLIC",
          "TITLE": "Viscosity DLL untrusted search path"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Viscosity",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.6.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": ""
              }
            ]
          }
        },
        "credit": "Kacper Szurek",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component."
            }
          ]
        },
        "generator": "vuldb.com",
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426 Untrusted Search Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Feb/1",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2017/Feb/1"
            },
            {
              "name": "https://github.com/kacperszurek/exploits/tree/master/Viscosity",
              "refsource": "MISC",
              "url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
            },
            {
              "name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/",
              "refsource": "MISC",
              "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
            },
            {
              "name": "https://vuldb.com/?id.96639",
              "refsource": "MISC",
              "url": "https://vuldb.com/?id.96639"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2017-20123",
    "datePublished": "2022-06-30T05:05:23.000Z",
    "dateReserved": "2022-06-27T00:00:00.000Z",
    "dateUpdated": "2025-04-15T14:08:34.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4125 (GCVE-0-2011-4125)

Vulnerability from cvelistv5 – Published: 2021-10-27 00:50 – Updated: 2024-08-07 00:01
VLAI
Summary
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a Calibre Affected: unknown
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:50.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/calibre/+bug/885027"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lwn.net/Articles/464824/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Calibre",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T00:50:09.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/calibre/+bug/885027"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lwn.net/Articles/464824/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4125",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Calibre",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
              "refsource": "MISC",
              "url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
            },
            {
              "name": "https://bugs.launchpad.net/calibre/+bug/885027",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/calibre/+bug/885027"
            },
            {
              "name": "https://lwn.net/Articles/464824/",
              "refsource": "MISC",
              "url": "https://lwn.net/Articles/464824/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4125",
    "datePublished": "2021-10-27T00:50:09.000Z",
    "dateReserved": "2011-10-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:01:50.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-22RR-C324-2VJ7

Vulnerability from github – Published: 2025-01-27 18:32 – Updated: 2025-01-27 18:32
VLAI
Details

A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-27T18:15:40Z",
    "severity": "LOW"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-22rr-c324-2vj7",
  "modified": "2025-01-27T18:32:02Z",
  "published": "2025-01-27T18:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0732"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.293510"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.293510"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.481209"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-23XJ-W5QM-57J6

Vulnerability from github – Published: 2022-05-17 00:32 – Updated: 2022-05-17 00:32
VLAI
Details

Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-10864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-12T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
  "id": "GHSA-23xj-w5qm-57j6",
  "modified": "2022-05-17T00:32:07Z",
  "published": "2022-05-17T00:32:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10864"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN94056834/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2425-8942-CJHP

Vulnerability from github – Published: 2026-02-16 09:30 – Updated: 2026-02-16 09:30
VLAI
Details

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2538"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-16T07:17:00Z",
    "severity": "HIGH"
  },
  "details": "A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack\u0027s complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-2425-8942-cjhp",
  "modified": "2026-02-16T09:30:30Z",
  "published": "2026-02-16T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2538"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Cyber-Wo0dy/report/blob/main/notepad2/4.2.25/notepad2_dll_hijacking.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.346126"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.346126"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.749345"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-244Q-C67C-J2H7

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54
VLAI
Details

DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7362"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-23T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.",
  "id": "GHSA-244q-c67c-j2h7",
  "modified": "2022-05-24T16:54:42Z",
  "published": "2022-05-24T16:54:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7362"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.

Mitigation
Implementation

When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.

Mitigation
Implementation

Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.

Mitigation
Implementation

Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.

Mitigation
Implementation

Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths

This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.