Total
602 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31012 | 1 Gitforwindows | 1 Git | 2025-04-23 | 8.2 High |
| Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`. | ||||
| CVE-2022-36070 | 2 Microsoft, Python-poetry | 2 Windows, Poetry | 2025-04-23 | 7.3 High |
| Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue. | ||||
| CVE-2022-39245 | 1 Makedeb | 1 Mist | 2025-04-23 | 8.4 High |
| Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | ||||
| CVE-2024-58250 | 2025-04-23 | 9.3 Critical | ||
| The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. | ||||
| CVE-2016-4901 | 1 National Tax Agency | 1 E-tax | 2025-04-20 | N/A |
| Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2016-4900 | 1 Evernote | 1 Evernote | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2212 | 1 Gsi | 1 Tky2jgd | 2025-04-20 | N/A |
| Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2016-4846 | 1 Securebrain | 1 Phishwall Client | 2025-04-20 | N/A |
| Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. | ||||
| CVE-2017-2213 | 1 Gsi | 1 Semidynaexe | 2025-04-20 | N/A |
| Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-3007 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2025-04-20 | N/A |
| Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications. | ||||
| CVE-2017-15566 | 1 Schedmd | 1 Slurm | 2025-04-20 | N/A |
| Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. | ||||
| CVE-2017-4939 | 1 Vmware | 1 Workstation | 2025-04-20 | N/A |
| VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. | ||||
| CVE-2017-2192 | 1 Sharp | 1 Rw-5100 | 2025-04-20 | N/A |
| Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2190 | 1 Sharp | 1 Rw-4040 | 2025-04-20 | N/A |
| Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2188 | 1 Maff | 1 Denshinouhin Check System | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2177 | 1 Shogyo | 1 Touki Denshi | 2025-04-20 | N/A |
| Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2206 | 1 Saat | 1 Netizen | 2025-04-20 | N/A |
| Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2207 | 1 Saat | 1 Personal | 2025-04-20 | N/A |
| Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2211 | 1 Gsi | 1 Patchjgd | 2025-04-20 | N/A |
| Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2017-2214 | 1 Jiransoft | 2 Appcheck, Appcheck Pro | 2025-04-20 | N/A |
| Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | ||||