CVE-2018-4048

CRITICAL Year: 2018
CVSS v3 Score
9.3
Critical
CVSS v2 Score
7.2
High
Weakness Type
CWE-668
View all →

Vulnerability Description

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

Related Vulnerabilities

CVE-2019-1848

CRITICAL
CVSS:9.3(Critical)

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability i...

CWE-6682019

CVE-2024-38368

CRITICAL
CVSS:9.3(Critical)

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods...

CWE-6682024

CVE-2007-3915

CRITICAL
CVSS:9.1(Critical)

Mondo 2.24 has insecure handling of temporary files.

CWE-6682007

CVE-2009-5042

CRITICAL
CVSS:9.1(Critical)

python-docutils allows insecure usage of temporary files

CWE-6682009

CVE-2017-5648

CRITICAL
CVSS:9.1(Critical)

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the...

CWE-6682017

CVE-2020-16263

CRITICAL
CVSS:9.1(Critical)

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.

CWE-6682020