CVE-2021-36002

HIGH Year: 2021
CVSS v3 Score
7.3
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-379
View all →

Vulnerability Description

Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.

Related Vulnerabilities

CVE-2021-40708

HIGH
CVSS:7.3(High)

Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achiev...

CWE-3792021

CVE-2021-28613

HIGH
CVSS:7.4(High)

Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue...

CWE-3792021

CVE-2020-11979

HIGH
CVSS:7.5(High)

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted...

CWE-3792020

CVE-2022-23950

HIGH
CVSS:7.5(High)

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.

CWE-3792022

CVE-2024-12911

HIGH
CVSS:7.1(High)

A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary fil...

CWE-3792024