CVE-2024-36078

MEDIUM Year: 2024
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user).

Related Vulnerabilities

CVE-2017-6186

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-prot...

CWE-942017

CVE-2018-3686

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.

CWE-942018

CVE-2018-3700

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation...

CWE-942018

CVE-2020-8140

MEDIUM
CVSS:6.7(Medium)

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

CWE-942020

CVE-2021-3411

MEDIUM
CVSS:6.7(Medium)

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerabilit...

CWE-942021

CVE-2022-29813

MEDIUM
CVSS:6.7(Medium)

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

CWE-942022