CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-50444
https://notcve.org/view.php?id=CVE-2023-50444
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force. De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! • https://www.primx.eu/en/bulletins/security-bulletin-23B30874 https://www.primx.eu/fr/blog • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-50440
https://notcve.org/view.php?id=CVE-2023-50440
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim. Contenedores ZED producidos por PRIMX ZED! • https://www.primx.eu/en/bulletins/security-bulletin-23B30931 https://www.primx.eu/fr/blog •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-50439
https://notcve.org/view.php?id=CVE-2023-50439
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.). Contenedores ZED producidos por PRIMX ZED! para Windows anterior a Q.2020.3 (envío de calificación ANSSI), ZED! • https://www.primx.eu/en/bulletins/security-bulletin-23B30930 https://www.primx.eu/fr/blog •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2019-7312
https://notcve.org/view.php?id=CVE-2019-7312
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199. Analyzing a Zed container can lead to the disclosure of plaintext content of very small files (a few bytes) stored into it. Existe la divulgación de texto plano limitada en PRIMX Zed Entreprise para Windows, en versiones anteriores a la 6.1.2240, en Zed Entreprise para Windows [envío de calificación ANSSI] en versiones anteriores a la 6.1.2150, en Zed Entreprise para Mac en versiones 2.0.199, en Zed Entreprise para Linux en versiones 2.0.199, en Zed Pro para Windows en versiones anteriores a la 1.0.195, en Zed Pro para Mac en versiones anteriores a la 1.0.199, en Zed Pro para Linux en versiones anteriores a la 1.0.199, en Zed Free para Windows en versiones anteriores a la 1.0.195, en Zed Free para Mac en versiones anteriores a la 1.0.199 y en Zed Free para Linux en versiones anteriores a la 1.0.199. El análisis de un contenedor Zed puede conducir a la divulgación del contenido de texto plano de archivos muy pequeños (unos pocos bytes) almacenados en dicho contenedor. • https://www.primx.eu/en/bulletins/security-bulletin-19110545 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16518
https://notcve.org/view.php?id=CVE-2018-16518
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder. Una vulnerabilidad de salto de directorio con ejecución remota de código en Prim'X Zed! • https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •