ReportizFlow
Filtered by vendor
Subscriptions
Total
525 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6080 | 1 Intelbras | 1 Incontrol | 2024-11-21 | 7.8 High |
| A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks. | ||||
| CVE-2024-38462 | 1 Irods | 1 Irods | 2024-11-21 | 9.8 Critical |
| iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. | ||||
| CVE-2024-36071 | 2024-11-21 | 6.3 Medium | ||
| Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path. | ||||
| CVE-2024-35260 | 1 Microsoft | 1 Power Platform | 2024-11-21 | 8 High |
| An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network. | ||||
| CVE-2024-32019 | 2024-11-21 | 8.8 High | ||
| Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-30100 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 7.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2024-28133 | 2024-11-21 | 7.8 High | ||
| A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. | ||||
| CVE-2024-27303 | 2024-11-21 | 7.3 High | ||
| electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. | ||||
| CVE-2024-25103 | 1 Cdac | 1 Appsamvid Software | 2024-11-21 | 6.3 Medium |
| This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system. | ||||
| CVE-2024-24810 | 1 Firegiant | 1 Wix Toolset | 2024-11-21 | 8.3 High |
| WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4. | ||||
| CVE-2024-24697 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 1 more | 2024-11-21 | 7.2 High |
| Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2024-23304 | 1 Cybozu | 1 Kunai | 2024-11-21 | 7.5 High |
| Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | ||||
| CVE-2024-22410 | 2 Gluwa, Microsoft | 2 Creditcoin, Windows | 2024-11-21 | 3.3 Low |
| Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental. | ||||
| CVE-2024-22190 | 1 Gitpython Project | 1 Gitpython | 2024-11-21 | 7.8 High |
| GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. | ||||
| CVE-2024-21435 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-11-21 | 8.8 High |
| Windows OLE Remote Code Execution Vulnerability | ||||
| CVE-2024-21325 | 1 Microsoft | 2 Microsoft Printer Metadata Troubleshooter Tool, Printer Metadata Troubleshooter Tool | 2024-11-21 | 7.8 High |
| Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | ||||
| CVE-2024-20693 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-4736 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | 7.8 High |
| Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | ||||
| CVE-2023-48670 | 1 Dell | 1 Supportassist For Home Pcs | 2024-11-21 | 7.3 High |
| Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. | ||||
| CVE-2023-43586 | 1 Zoom | 4 Meeting Software Development Kit, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more | 2024-11-21 | 7.3 High |
| Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. | ||||