Vulnerabilities > Primx

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-50439 Unspecified vulnerability in Primx Zed!, Zedmail and Zonecentral
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission), ZED! for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission), ZONECENTRAL for Windows before 2023.5, or ZEDMAIL for Windows before 2023.5 disclose the original path in which the containers were created, which allows an unauthenticated attacker to obtain some information regarding the context of use (project name, etc.).
network
low complexity
primx
5.3
2023-12-13 CVE-2023-50440 Unspecified vulnerability in Primx Zed!, Zedmail and Zonecentral
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
local
low complexity
primx
5.5
2023-12-13 CVE-2023-50442 Unspecified vulnerability in Primx Zonecentral 6.1.2240
Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily.
local
low complexity
primx
5.5
2023-12-13 CVE-2023-50443 Unspecified vulnerability in Primx Cryhod 2020.2/2020.3/2021.2
Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened.
low complexity
primx
4.6
2023-12-13 CVE-2023-50441 Unspecified vulnerability in Primx Zonecentral 6.1.2240
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which folders are opened.
local
low complexity
primx
5.5
2023-12-13 CVE-2023-50444 Improper Restriction of Excessive Authentication Attempts vulnerability in Primx Zed!, Zedmail and Zonecentral
By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.
network
low complexity
primx CWE-307
7.5
2019-02-03 CVE-2019-7312 Information Exposure vulnerability in Primx Zed, Zedmail and Zonecentral
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows (ANSSI qualification submission) before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac before 1.0.199, Zed Pro for Linux before 1.0.199, Zed Free for Windows before 1.0.195, Zed Free for Mac before 1.0.199, and Zed Free for Linux before 1.0.199.
network
low complexity
primx CWE-200
5.3
2018-11-14 CVE-2018-19279 Cleartext Storage of Sensitive Information vulnerability in Primx Zonecentral
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files.
low complexity
primx CWE-312
4.3
2018-09-05 CVE-2018-16518 Path Traversal vulnerability in Primx Zed! and Zed! Free
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
network
low complexity
primx CWE-22
critical
9.8