chocolatey CVE 脆弱性と CVE 一覧(6)

製品(CPE): — CVE 件数: 6

chocolatey 脆弱性概要

chocolatey 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は vendor risk file inclusion に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で ファイル上書き and vendor impact unauthorized access などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 16 / 6 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2022-45307 Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. [email protected] 4.3 0.35% 2022-11-28 2026-06-17
CVE-2022-45306 Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. [email protected] 4.3 0.35% 2022-11-28 2026-06-17
CVE-2022-45305 Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. [email protected] 4.3 0.35% 2022-11-28 2026-06-17
CVE-2022-45304 Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. [email protected] 4.3 0.35% 2022-11-28 2026-06-17
CVE-2022-45301 Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. [email protected] 4.3 0.35% 2022-11-28 2026-06-17
CVE-2020-15264 The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed [email protected] 8.0 1.49% 2020-10-20 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence