CVE-2011-3640

HIGH Year: 2011
CVSS v2 Score
7.1
High
Weakness Type
CWE-426
View all →

Vulnerability Description

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Related Vulnerabilities

CVE-2011-4125

CRITICAL
CVSS:9.8(Critical)

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

CWE-4262011

CVE-2017-12414

CRITICAL
CVSS:9.8(Critical)

Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.

CWE-4262017

CVE-2017-2225

CRITICAL
CVSS:9.8(Critical)

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CWE-4262017

CVE-2018-19486

CRITICAL
CVSS:9.8(Critical)

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, becaus...

CWE-4262018

CVE-2020-15801

CRITICAL
CVSS:9.8(Critical)

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) ...

CWE-4262020

CVE-2022-26184

CRITICAL
CVSS:9.8(Critical)

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malici...

CWE-4262022