CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
CVE-2011-4125 (GCVE-0-2011-4125)
Vulnerability from cvelistv5
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:01:50.441Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2011/11/02/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/calibre/+bug/885027" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lwn.net/Articles/464824/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Calibre", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-27T00:50:09", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2011/11/02/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/calibre/+bug/885027" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lwn.net/Articles/464824/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4125", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Calibre", "version": { "version_data": [ { "version_value": "unknown" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/", "refsource": "MISC", "url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/" }, { "name": "https://www.openwall.com/lists/oss-security/2011/11/02/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2011/11/02/2" }, { "name": "https://bugs.launchpad.net/calibre/+bug/885027", "refsource": "MISC", "url": "https://bugs.launchpad.net/calibre/+bug/885027" }, { "name": "https://lwn.net/Articles/464824/", "refsource": "MISC", "url": "https://lwn.net/Articles/464824/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4125", "datePublished": "2021-10-27T00:50:09", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-07T00:01:50.441Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-20123 (GCVE-0-2017-20123)
Vulnerability from cvelistv5
- CWE-426 - Untrusted Search Path
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
unspecified | Viscosity |
Version: 1.6.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:45:25.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2017/Feb/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.96639" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-20123", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T16:55:28.155814Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-15T14:08:34.930Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Viscosity", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "1.6.7" } ] } ], "credits": [ { "lang": "en", "value": "Kacper Szurek" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-30T05:05:23.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2017/Feb/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.96639" } ], "title": "Viscosity DLL untrusted search path", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2017-20123", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "Viscosity DLL untrusted search path" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Viscosity", "version": { "version_data": [ { "version_value": "1.6.7" } ] } } ] }, "vendor_name": "" } ] } }, "credit": "Kacper Szurek", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426 Untrusted Search Path" } ] } ] }, "references": { "reference_data": [ { "name": "http://seclists.org/fulldisclosure/2017/Feb/1", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/Feb/1" }, { "name": "https://github.com/kacperszurek/exploits/tree/master/Viscosity", "refsource": "MISC", "url": "https://github.com/kacperszurek/exploits/tree/master/Viscosity" }, { "name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/", "refsource": "MISC", "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/" }, { "name": "https://vuldb.com/?id.96639", "refsource": "MISC", "url": "https://vuldb.com/?id.96639" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2017-20123", "datePublished": "2022-06-30T05:05:23.000Z", "dateReserved": "2022-06-27T00:00:00.000Z", "dateUpdated": "2025-04-15T14:08:34.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10874 (GCVE-0-2018-10874)
Vulnerability from cvelistv5
► | URL | Tags | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.224Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2166", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "name": "RHSA-2018:2152", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874" }, { "name": "RHSA-2018:2150", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "name": "1041396", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041396" }, { "name": "RHBA-2018:3788", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "name": "RHSA-2019:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "name": "RHSA-2018:2151", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "name": "RHSA-2018:2321", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "name": "RHSA-2018:2585", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "name": "USN-4072-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4072-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ansible", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker\u0027s control, allowing to run arbitrary code as a result." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-25T01:06:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2018:2166", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "name": "RHSA-2018:2152", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874" }, { "name": "RHSA-2018:2150", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "name": "1041396", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041396" }, { "name": "RHBA-2018:3788", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "name": "RHSA-2019:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "name": "RHSA-2018:2151", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "name": "RHSA-2018:2321", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "name": "RHSA-2018:2585", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "name": "USN-4072-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4072-1/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10874", "datePublished": "2018-07-02T13:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10875 (GCVE-0-2018-10875)
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:46:47.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2166", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "name": "RHSA-2018:2152", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "name": "RHSA-2018:2150", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "name": "1041396", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041396" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875" }, { "name": "RHBA-2018:3788", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "name": "RHSA-2019:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "name": "RHSA-2018:2151", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "name": "RHSA-2018:2321", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "name": "RHSA-2018:2585", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "name": "DSA-4396", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4396" }, { "name": "openSUSE-SU-2019:1125", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "name": "USN-4072-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4072-1/" }, { "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ansible", "vendor": "[UNKNOWN]", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-16T14:06:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2018:2166", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "name": "RHSA-2018:2152", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "name": "RHSA-2018:2150", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "name": "1041396", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041396" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875" }, { "name": "RHBA-2018:3788", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "name": "RHSA-2019:0054", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "name": "RHSA-2018:2151", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "name": "RHSA-2018:2321", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "name": "RHSA-2018:2585", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "name": "DSA-4396", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4396" }, { "name": "openSUSE-SU-2019:1125", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "name": "USN-4072-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4072-1/" }, { "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10875", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ansible", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "[UNKNOWN]" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code." } ] }, "impact": { "cvss": [ [ { "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2166", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2166" }, { "name": "RHSA-2018:2152", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2152" }, { "name": "RHSA-2018:2150", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2150" }, { "name": "1041396", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041396" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875" }, { "name": "RHBA-2018:3788", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2018:3788" }, { "name": "RHSA-2019:0054", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0054" }, { "name": "RHSA-2018:2151", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2151" }, { "name": "RHSA-2018:2321", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2321" }, { "name": "RHSA-2018:2585", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2585" }, { "name": "DSA-4396", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4396" }, { "name": "openSUSE-SU-2019:1125", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html" }, { "name": "USN-4072-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4072-1/" }, { "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10875", "datePublished": "2018-07-13T22:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.518Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-10904 (GCVE-0-2018-10904)
Vulnerability from cvelistv5
► | URL | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:54:34.745Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2607", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2607" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.gluster.org/#/c/glusterfs/+/21072/" }, { "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" }, { "name": "RHSA-2018:2608", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2608" }, { "name": "RHSA-2018:3470", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3470" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904" }, { "name": "GLSA-201904-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201904-06" }, { "name": "openSUSE-SU-2020:0079", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" }, { "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "glusterfs", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-02T02:06:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2018:2607", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2607" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://review.gluster.org/#/c/glusterfs/+/21072/" }, { "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" }, { "name": "RHSA-2018:2608", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2608" }, { "name": "RHSA-2018:3470", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3470" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904" }, { "name": "GLSA-201904-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201904-06" }, { "name": "openSUSE-SU-2020:0079", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" }, { "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "glusterfs", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume." } ] }, "impact": { "cvss": [ [ { "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2607", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2607" }, { "name": "https://review.gluster.org/#/c/glusterfs/+/21072/", "refsource": "CONFIRM", "url": "https://review.gluster.org/#/c/glusterfs/+/21072/" }, { "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" }, { "name": "RHSA-2018:2608", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2608" }, { "name": "RHSA-2018:3470", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3470" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904" }, { "name": "GLSA-201904-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201904-06" }, { "name": "openSUSE-SU-2020:0079", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" }, { "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10904", "datePublished": "2018-09-04T13:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:54:34.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-12449 (GCVE-0-2018-12449)
Vulnerability from cvelistv5
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
NAVER Corporation | Whale Browser Installer |
Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:38:06.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cve.naver.com/detail/cve-2018-12449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Whale Browser Installer", "vendor": "NAVER Corporation", "versions": [ { "lessThanOrEqual": "0.4.3.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs" } ], "datePublic": "2018-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T12:57:01", "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "shortName": "naver" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cve.naver.com/detail/cve-2018-12449" } ], "source": { "discovery": "EXTERNAL" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@navercorp.com", "ID": "CVE-2018-12449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Whale Browser Installer", "version": { "version_data": [ { "affected": "\u003c=", "version_affected": "\u003c=", "version_value": "0.4.3.0" } ] } } ] }, "vendor_name": "NAVER Corporation" } ] } }, "credit": [ { "lang": "eng", "value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426" } ] } ] }, "references": { "reference_data": [ { "name": "https://cve.naver.com/detail/cve-2018-12449", "refsource": "CONFIRM", "url": "https://cve.naver.com/detail/cve-2018-12449" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6", "assignerShortName": "naver", "cveId": "CVE-2018-12449", "datePublished": "2018-10-11T13:00:00", "dateReserved": "2018-06-15T00:00:00", "dateUpdated": "2024-08-05T08:38:06.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-7365 (GCVE-0-2018-7365)
Vulnerability from cvelistv5
- CWE-426 - Untrusted Search Path
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
ZTE | uSmartView |
Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:11.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "uSmartView", "vendor": "ZTE", "versions": [ { "lessThanOrEqual": "ZXCLOUD iRAI V5.01.05", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426: Untrusted Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-20T13:57:01", "orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005" } ], "source": { "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2018-7365", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "uSmartView", "version": { "version_data": [ { "affected": "\u003c=", "version_affected": "\u003c=", "version_value": "ZXCLOUD iRAI V5.01.05" } ] } } ] }, "vendor_name": "ZTE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426: Untrusted Search Path" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005", "refsource": "CONFIRM", "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "assignerShortName": "zte", "cveId": "CVE-2018-7365", "datePublished": "2018-12-20T14:00:00", "dateReserved": "2018-02-22T00:00:00", "dateUpdated": "2024-08-05T06:24:11.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-10971 (GCVE-0-2019-10971)
Vulnerability from cvelistv5
- CWE-426 - UNTRUSTED SEARCH PATH
► | URL | Tags | |||
---|---|---|---|---|---|
|
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Network Configurator for DeviceNet Safety |
Version: 3.41 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Network Configurator for DeviceNet Safety", "vendor": "n/a", "versions": [ { "status": "affected", "version": "3.41 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application\u0027s direct control and outside the intended directories." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "UNTRUSTED SEARCH PATH CWE-426", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-12T15:03:59", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10971", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Network Configurator for DeviceNet Safety", "version": { "version_data": [ { "version_value": "3.41 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application\u0027s direct control and outside the intended directories." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNTRUSTED SEARCH PATH CWE-426" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-134-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10971", "datePublished": "2019-06-12T15:03:59", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.456Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-17099 (GCVE-0-2019-17099)
Vulnerability from cvelistv5
- CWE-426 - Untrusted Search Path
► | URL | Tags |
---|---|---|
Vendor | Product | Version | ||
---|---|---|---|---|
Bitdefender | EPSecurityService.exe |
Version: 6.6.11.162 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:33:17.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EPSecurityService.exe", "vendor": "Bitdefender", "versions": [ { "status": "affected", "version": "6.6.11.162 and prior" } ] } ], "credits": [ { "lang": "en", "value": "Bugcrowd user khangkito" } ], "datePublic": "2019-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-27T17:23:06", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/" } ], "solutions": [ { "lang": "en", "value": "Automatic update to version 6.6.11.163 mitigates the issue." } ], "source": { "advisory": "VA-3500", "defect": [ "VA-3500" ], "discovery": "UNKNOWN" }, "title": "Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2019-12-18T10:00:00.000Z", "ID": "CVE-2019-17099", "STATE": "PUBLIC", "TITLE": "Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "EPSecurityService.exe", "version": { "version_data": [ { "version_value": "6.6.11.162 and prior" } ] } } ] }, "vendor_name": "Bitdefender" } ] } }, "credit": [ { "lang": "eng", "value": "Bugcrowd user khangkito" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426 Untrusted Search Path" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/", "refsource": "CONFIRM", "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/" } ] }, "solution": [ { "lang": "en", "value": "Automatic update to version 6.6.11.163 mitigates the issue." } ], "source": { "advisory": "VA-3500", "defect": [ "VA-3500" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2019-17099", "datePublished": "2020-01-27T17:23:06.763797Z", "dateReserved": "2019-10-02T00:00:00", "dateUpdated": "2024-09-16T17:02:47.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-17100 (GCVE-0-2019-17100)
Vulnerability from cvelistv5
- CWE-426 - Untrusted Search Path
Vendor | Product | Version | ||
---|---|---|---|---|
Bitdefender | bdserviceshost.exe |
Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:33:17.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bdserviceshost.exe", "vendor": "Bitdefender", "versions": [ { "lessThanOrEqual": "24.0.12.69", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2019-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-27T13:55:17", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/" } ], "solutions": [ { "lang": "en", "value": "Automatic update to Bitdefender Total Security version 24.0.12.69 mitigates the issue" } ], "source": { "advisory": "VA-5895", "defect": [ "VA-5895" ], "discovery": "UNKNOWN" }, "title": "Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2019-12-19T10:00:00.000Z", "ID": "CVE-2019-17100", "STATE": "PUBLIC", "TITLE": "Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bdserviceshost.exe", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "24.0.12.69" } ] } } ] }, "vendor_name": "Bitdefender" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-426 Untrusted Search Path" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/", "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/" } ] }, "solution": [ { "lang": "en", "value": "Automatic update to Bitdefender Total Security version 24.0.12.69 mitigates the issue" } ], "source": { "advisory": "VA-5895", "defect": [ "VA-5895" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2019-17100", "datePublished": "2020-01-27T13:55:17.731390Z", "dateReserved": "2019-10-02T00:00:00", "dateUpdated": "2024-09-17T03:17:55.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phases: Architecture and Design, Implementation
Strategy: Attack Surface Reduction
Description:
- Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Mitigation
Phase: Implementation
Description:
- When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Mitigation
Phase: Implementation
Description:
- Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Mitigation
Phase: Implementation
Description:
- Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Mitigation
Phase: Implementation
Description:
- Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CAPEC-38: Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.