CWE-426
Allowed-with-ReviewUntrusted Search Path
Abstraction: Base · Status: Stable
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
892 vulnerabilities reference this CWE, most recent first.
CVE-2018-10904 (GCVE-0-2018-10904)
Vulnerability from cvelistv5 – Published: 2018-09-04 13:00 – Updated: 2024-08-05 07:54| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2607 | vendor-advisoryx_refsource_REDHAT |
| https://review.gluster.org/#/c/glusterfs/+/21072/ | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:2608 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3470 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201904-06 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:34.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.gluster.org/#/c/glusterfs/+/21072/"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2608",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904"
},
{
"name": "GLSA-201904-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "glusterfs",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T02:06:27.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.gluster.org/#/c/glusterfs/+/21072/"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2608",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904"
},
{
"name": "GLSA-201904-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2607",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2607"
},
{
"name": "https://review.gluster.org/#/c/glusterfs/+/21072/",
"refsource": "CONFIRM",
"url": "https://review.gluster.org/#/c/glusterfs/+/21072/"
},
{
"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"
},
{
"name": "RHSA-2018:2608",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2608"
},
{
"name": "RHSA-2018:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3470"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904"
},
{
"name": "GLSA-201904-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-06"
},
{
"name": "openSUSE-SU-2020:0079",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"
},
{
"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10904",
"datePublished": "2018-09-04T13:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:54:34.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10875 (GCVE-0-2018-10875)
Vulnerability from cvelistv5 – Published: 2018-07-13 22:00 – Updated: 2024-08-05 07:46{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"name": "RHSA-2018:2150",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "1041396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "DSA-4396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "openSUSE-SU-2019:1125",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4072-1/"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-16T14:06:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"name": "RHSA-2018:2150",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "1041396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "DSA-4396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "openSUSE-SU-2019:1125",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4072-1/"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"name": "RHSA-2018:2150",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "1041396",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041396"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875"
},
{
"name": "RHBA-2018:3788",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2321",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "DSA-4396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4396"
},
{
"name": "openSUSE-SU-2019:1125",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html"
},
{
"name": "USN-4072-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4072-1/"
},
{
"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10875",
"datePublished": "2018-07-13T22:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10874 (GCVE-0-2018-10874)
Vulnerability from cvelistv5 – Published: 2018-07-02 13:00 – Updated: 2024-08-05 07:46| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2166 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2152 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:2150 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1041396 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHBA-2018:3788 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:0054 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2151 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2321 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2585 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/4072-1/ | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"name": "RHSA-2018:2150",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "1041396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4072-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ansible",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T01:06:05.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2166"
},
{
"name": "RHSA-2018:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874"
},
{
"name": "RHSA-2018:2150",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2150"
},
{
"name": "1041396",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041396"
},
{
"name": "RHBA-2018:3788",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2018:3788"
},
{
"name": "RHSA-2019:0054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0054"
},
{
"name": "RHSA-2018:2151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2151"
},
{
"name": "RHSA-2018:2321",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2321"
},
{
"name": "RHSA-2018:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2585"
},
{
"name": "USN-4072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4072-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10874",
"datePublished": "2018-07-02T13:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:46:47.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7365 (GCVE-0-2018-7365)
Vulnerability from cvelistv5 – Published: 2018-12-20 14:00 – Updated: 2024-08-05 06:24- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| http://support.zte.com.cn/support/news/LoopholeIn… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| ZTE | uSmartView |
Affected:
unspecified , ≤ ZXCLOUD iRAI V5.01.05
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "uSmartView",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "ZXCLOUD iRAI V5.01.05",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T13:57:01.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2018-7365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "uSmartView",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "ZXCLOUD iRAI V5.01.05"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426: Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2018-7365",
"datePublished": "2018-12-20T14:00:00.000Z",
"dateReserved": "2018-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20123 (GCVE-0-2017-20123)
Vulnerability from cvelistv5 – Published: 2022-06-30 05:05 – Updated: 2025-04-15 14:08- CWE-426 - Untrusted Search Path
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Feb/1 | x_refsource_MISC |
| https://github.com/kacperszurek/exploits/tree/mas… | x_refsource_MISC |
| https://www.sparklabs.com/blog/viscosity-for-mac-… | x_refsource_MISC |
| https://vuldb.com/?id.96639 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Viscosity |
Affected:
1.6.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.96639"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20123",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:28.155814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:08:34.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Viscosity",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "1.6.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kacper Szurek"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T05:05:23.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.96639"
}
],
"title": "Viscosity DLL untrusted search path",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20123",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Viscosity DLL untrusted search path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Viscosity",
"version": {
"version_data": [
{
"version_value": "1.6.7"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Kacper Szurek",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/1",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/1"
},
{
"name": "https://github.com/kacperszurek/exploits/tree/master/Viscosity",
"refsource": "MISC",
"url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity"
},
{
"name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/",
"refsource": "MISC",
"url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/"
},
{
"name": "https://vuldb.com/?id.96639",
"refsource": "MISC",
"url": "https://vuldb.com/?id.96639"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20123",
"datePublished": "2022-06-30T05:05:23.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:08:34.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4125 (GCVE-0-2011-4125)
Vulnerability from cvelistv5 – Published: 2021-10-27 00:50 – Updated: 2024-08-07 00:01| URL | Tags |
|---|---|
| https://git.zx2c4.com/calibre-mount-helper-exploi… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
| https://bugs.launchpad.net/calibre/+bug/885027 | x_refsource_MISC |
| https://lwn.net/Articles/464824/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calibre",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:50:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calibre",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
"refsource": "MISC",
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"name": "https://bugs.launchpad.net/calibre/+bug/885027",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"name": "https://lwn.net/Articles/464824/",
"refsource": "MISC",
"url": "https://lwn.net/Articles/464824/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4125",
"datePublished": "2021-10-27T00:50:09.000Z",
"dateReserved": "2011-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:50.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-22RR-C324-2VJ7
Vulnerability from github – Published: 2025-01-27 18:32 – Updated: 2025-01-27 18:32A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-0732"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T18:15:40Z",
"severity": "LOW"
},
"details": "A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-22rr-c324-2vj7",
"modified": "2025-01-27T18:32:02Z",
"published": "2025-01-27T18:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0732"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.293510"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.293510"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.481209"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-23XJ-W5QM-57J6
Vulnerability from github – Published: 2022-05-17 00:32 – Updated: 2022-05-17 00:32Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
{
"affected": [],
"aliases": [
"CVE-2017-10864"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-12T14:29:00Z",
"severity": "HIGH"
},
"details": "Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
"id": "GHSA-23xj-w5qm-57j6",
"modified": "2022-05-17T00:32:07Z",
"published": "2022-05-17T00:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10864"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN94056834/index.html"
},
{
"type": "WEB",
"url": "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2425-8942-CJHP
Vulnerability from github – Published: 2026-02-16 09:30 – Updated: 2026-02-16 09:30A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-2538"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-16T07:17:00Z",
"severity": "HIGH"
},
"details": "A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack\u0027s complexity is rated as high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-2425-8942-cjhp",
"modified": "2026-02-16T09:30:30Z",
"published": "2026-02-16T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2538"
},
{
"type": "WEB",
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/notepad2/4.2.25/notepad2_dll_hijacking.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346126"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346126"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.749345"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-244Q-C67C-J2H7
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.
{
"affected": [],
"aliases": [
"CVE-2019-7362"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-23T20:15:00Z",
"severity": "HIGH"
},
"details": "DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.",
"id": "GHSA-244q-c67c-j2h7",
"modified": "2022-05-24T16:54:42Z",
"published": "2022-05-24T16:54:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7362"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Strategy: Attack Surface Reduction
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Mitigation
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Mitigation
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Mitigation
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Mitigation
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.