Search criteria
12 vulnerabilities found for zed\! by primx
FKIE_CVE-2023-50440
Vulnerability from fkie_nvd - Published: 2023-12-13 21:15 - Updated: 2025-06-03 14:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:linux:*:*",
"matchCriteriaId": "CC444405-D58E-42B4-A1EF-1EF4F0CC6300",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:macos:*:*",
"matchCriteriaId": "34D7936A-123E-4582-9F90-2724A814CB0A",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:linux:*:*",
"matchCriteriaId": "B67C1CB4-F980-4856-82B2-95BECC07F380",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:macos:*:*",
"matchCriteriaId": "A895BAFB-8677-4ABB-9188-C84CAA9DC74B",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:windows:*:*",
"matchCriteriaId": "006184BD-4D3B-4DB1-AE7C-E3B10E683BFB",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:linux:*:*",
"matchCriteriaId": "74F37A78-4F7C-4334-B9C1-8D8BA1570527",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:macos:*:*",
"matchCriteriaId": "D1C7B28D-6E45-4B99-B764-2D622DDBE53A",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:windows:*:*",
"matchCriteriaId": "ACFFF19C-080B-485E-8E83-927125E5676E",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
"versionEndExcluding": "q.2020.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
"versionEndExcluding": "q.2021.2",
"versionStartIncluding": "q.2021.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
"versionEndExcluding": "q.2021.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim."
},
{
"lang": "es",
"value": "Contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; ZED! para Windows, Mac, Linux antes de 2023.5; ZEDFREE para Windows, Mac, Linux antes de 2023.5; o ZEDPRO para Windows, Mac, Linux anterior a 2023.5 puede ser modificado por un atacante no autenticado para incluir una referencia UNC de modo que pueda activar el acceso a la red a una maquina controlada por el atacante cuando la v\u00edctima la abra."
}
],
"id": "CVE-2023-50440",
"lastModified": "2025-06-03T14:15:33.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-13T21:15:09.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-50439
Vulnerability from fkie_nvd - Published: 2023-12-13 21:15 - Updated: 2024-11-21 08:36
Severity ?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
"versionEndExcluding": "q.2020.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
"versionEndExcluding": "q.2021.2",
"versionStartIncluding": "q.2021.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
"versionEndExcluding": "q.2021.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.)."
},
{
"lang": "es",
"value": "Contenedores ZED producidos por PRIMX ZED! para Windows anterior a Q.2020.3 (env\u00edo de calificaci\u00f3n ANSSI), ZED! para Windows antes de Q.2021.2 (env\u00edo de calificaci\u00f3n ANSSI), ZONECENTRAL para Windows antes de Q.2021.2 (env\u00edo de calificaci\u00f3n ANSSI), ZONECENTRAL para Windows antes de 2023.5 o ZEDMAIL para Windows antes de 2023.5 divulgan la ruta original en la que se crearon los contenedores, lo que permite un atacante no autenticado para obtener informaci\u00f3n sobre el contexto de uso (nombre del proyecto, etc.)."
}
],
"id": "CVE-2023-50439",
"lastModified": "2024-11-21T08:36:59.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T21:15:09.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-50444
Vulnerability from fkie_nvd - Published: 2023-12-13 20:15 - Updated: 2024-11-21 08:37
Severity ?
Summary
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
"versionEndExcluding": "q.2020.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
"matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
"versionEndExcluding": "q.2021.2",
"versionStartIncluding": "q.2021.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
"versionEndExcluding": "2023.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
"versionEndExcluding": "q.2021.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
"versionEndExcluding": "2023.5",
"versionStartIncluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
},
{
"lang": "es",
"value": "De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; y ZED! para Windows, Mac y Linux anteriores a 2023.5 incluyen una versi\u00f3n cifrada de informaci\u00f3n confidencial del usuario, lo que podr\u00eda permitir que un atacante no autenticado la obtenga mediante fuerza bruta."
}
],
"id": "CVE-2023-50444",
"lastModified": "2024-11-21T08:37:00.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T20:15:49.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.primx.eu/fr/blog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16518
Vulnerability from fkie_nvd - Published: 2018-09-05 15:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf | Broken Link, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| primx | zed\! | * | |
| primx | zed\!_free | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5EDC49-7912-424F-89E3-3FA5E595AD02",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:primx:zed\\!_free:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F793A561-F94A-40DE-992F-1064ADA612A9",
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability with remote code execution in Prim\u0027X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user\u0027s workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio con ejecuci\u00f3n remota de c\u00f3digo en Prim\u0027X Zed! FREE hasta la versi\u00f3n 1.0 build 186 y Zed! Limited Edition hasta la versi\u00f3n 6.1 build 2208 permite la creaci\u00f3n de archivos arbitrarios en la estaci\u00f3n de trabajo de un usuario mediante contenedores ZED! manipulados. Esto se debe a que la funci\u00f3n de carga de marcas de agua puede colocar un archivo ejecutable en una carpeta Startup."
}
],
"id": "CVE-2018-16518",
"lastModified": "2024-11-21T03:52:53.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-05T15:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-50444 (GCVE-0-2023-50444)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2024-11-26 15:22
VLAI?
Summary
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-19T19:18:36.037192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:22:48.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:08:45.780353",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50444",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-11-26T15:22:48.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50440 (GCVE-0-2023-50440)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2025-06-03 13:43
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-50440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:27:33.353117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:43:44.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:28:25.568Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50440",
"datePublished": "2023-12-13T00:00:00.000Z",
"dateReserved": "2023-12-10T00:00:00.000Z",
"dateUpdated": "2025-06-03T13:43:44.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50439 (GCVE-0-2023-50439)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2024-08-02 22:16
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:17:26.437262",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50439",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16518 (GCVE-0-2018-16518)
Vulnerability from cvelistv5 – Published: 2018-09-05 15:00 – Updated: 2024-09-17 00:46
VLAI?
Summary
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability with remote code execution in Prim\u0027X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user\u0027s workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-05T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal vulnerability with remote code execution in Prim\u0027X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user\u0027s workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf",
"refsource": "MISC",
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16518",
"datePublished": "2018-09-05T15:00:00Z",
"dateReserved": "2018-09-05T00:00:00Z",
"dateUpdated": "2024-09-17T00:46:27.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50444 (GCVE-0-2023-50444)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2024-11-26 15:22
VLAI?
Summary
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-19T19:18:36.037192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:22:48.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:08:45.780353",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50444",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-11-26T15:22:48.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50440 (GCVE-0-2023-50440)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2025-06-03 13:43
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-50440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T18:27:33.353117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:43:44.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:28:25.568Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50440",
"datePublished": "2023-12-13T00:00:00.000Z",
"dateReserved": "2023-12-10T00:00:00.000Z",
"dateUpdated": "2025-06-03T13:43:44.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50439 (GCVE-0-2023-50439)
Vulnerability from nvd – Published: 2023-12-13 00:00 – Updated: 2024-08-02 22:16
VLAI?
Summary
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/fr/blog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T20:17:26.437262",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.primx.eu/fr/blog/"
},
{
"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-50439",
"datePublished": "2023-12-13T00:00:00",
"dateReserved": "2023-12-10T00:00:00",
"dateUpdated": "2024-08-02T22:16:46.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16518 (GCVE-0-2018-16518)
Vulnerability from nvd – Published: 2018-09-05 15:00 – Updated: 2024-09-17 00:46
VLAI?
Summary
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability with remote code execution in Prim\u0027X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user\u0027s workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-05T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal vulnerability with remote code execution in Prim\u0027X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user\u0027s workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf",
"refsource": "MISC",
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16518",
"datePublished": "2018-09-05T15:00:00Z",
"dateReserved": "2018-09-05T00:00:00Z",
"dateUpdated": "2024-09-17T00:46:27.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}