VYPR
Vendor

Chocolatey

Products
6
CVEs
5
Across products
5
Status
Private

Products

6

Recent CVEs

5
  • CVE-2022-45307MedNov 29, 2022
    risk 0.28cvss 4.3epss 0.00

    Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.

  • CVE-2022-45305MedNov 29, 2022
    risk 0.28cvss 4.3epss 0.00

    Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.

  • CVE-2022-45304MedNov 29, 2022
    risk 0.28cvss 4.3epss 0.00

    Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.

  • CVE-2022-45301MedNov 29, 2022
    risk 0.28cvss 4.3epss 0.00

    Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.

  • CVE-2020-15264HigOct 20, 2020
    risk 0.00cvss 8.0epss 0.01

    The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a…