Search
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2023-12-14 | N/A | 9.8 CRITICAL |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | |||||
| CVE-2023-41790 | 1 Artica | 1 Pandora Fms | 2023-11-29 | N/A | 9.8 CRITICAL |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | |||||
| CVE-2023-37490 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-08-09 | N/A | 9.0 CRITICAL |
| SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system | |||||
| CVE-2021-28955 | 1 Git-bug Project | 1 Git-bug | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). | |||||
| CVE-2022-24955 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. | |||||
| CVE-2019-7653 | 1 Rdflib Project | 1 Rdflib | 2021-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory. | |||||
| CVE-2020-27955 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2021-12-16 | 10.0 HIGH | 9.8 CRITICAL |
| Git LFS 2.12.0 allows Remote Code Execution. | |||||
| CVE-2019-20856 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2021-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | |||||
| CVE-2019-9546 | 1 Solarwinds | 1 Orion Platform | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. | |||||
| CVE-2020-10515 | 2 Microsoft, Starface | 2 Windows, Unified Communication \& Collaboration Client | 2020-04-06 | 10.0 HIGH | 9.8 CRITICAL |
| STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. | |||||
| CVE-2017-3090 | 1 Adobe | 1 Digital Editions | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-12805 | 1 Adobe | 1 Connect | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2017-6517 | 1 Microsoft | 1 Skype | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process. | |||||
| CVE-2017-3097 | 1 Adobe | 1 Digital Editions | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3092 | 1 Adobe | 1 Digital Editions | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution. | |||||