Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57963 | 2025-02-18 | N/A | 7.3 HIGH | ||
|
Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems.
This issue affects USB-CONVERTERCABLE DRIVER:.
|
|||||
| CVE-2022-43703 | 1 Arm | 2 Arm Development Studio, Ds Development Studio | 2025-02-13 | N/A | 7.8 HIGH |
|
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.
|
|||||
| CVE-2022-38745 | 1 Apache | 1 Openoffice | 2025-02-13 | N/A | 7.8 HIGH |
|
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
|
|||||
| CVE-2024-47006 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-42492 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-39372 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-36291 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-36283 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-36280 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-32938 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path for some Intel(R) MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-24852 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21830 | 2025-02-12 | N/A | 6.7 MEDIUM | ||
|
Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-57426 | 2025-02-11 | N/A | 7.3 HIGH | ||
|
NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries.
|
|||||
| CVE-2023-31361 | 2025-02-11 | N/A | 7.3 HIGH | ||
|
A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
|
|||||
| CVE-2025-21127 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2025-02-11 | N/A | 7.8 HIGH |
|
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.
|
|||||
| CVE-2024-48091 | 2025-02-10 | N/A | 7.8 HIGH | ||
|
Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
|
|||||
| CVE-2022-30548 | 1 Intel | 1 Glorp | 2025-02-05 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-27638 | 1 Intel | 1 Advanced Link Analyzer | 2025-02-05 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-27187 | 1 Intel | 1 Quartus Prime | 2025-02-05 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-26086 | 1 Intel | 1 Gametechdev Presentmon | 2025-02-05 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-22184 | 1 Intel | 1 Quartus Prime | 2025-02-04 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-38383 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2025-02-04 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-38668 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2025-02-04 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-36253 | 2 Intel, Microsoft | 2 Server Debug And Provisioning Tool, Windows | 2025-02-04 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-36380 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2025-02-04 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-22450 | 1 Dell | 1 Alienware Command Center | 2025-01-31 | N/A | 7.4 HIGH |
|
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.
|
|||||
| CVE-2023-39254 | 1 Dell | 1 Update Package Framework | 2025-01-31 | N/A | 6.7 MEDIUM |
|
Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.
|
|||||
| CVE-2024-2658 | 2025-01-30 | N/A | N/A | ||
|
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
|
|||||
| CVE-2023-30237 | 1 Cyberghostvpn | 1 Cyberghost | 2025-01-29 | N/A | 7.8 HIGH |
|
CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe.
|
|||||
| CVE-2022-26028 | 1 Intel | 1 Vtune Profiler | 2025-01-29 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-33064 | 1 Intel | 1 System Studio | 2025-01-29 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21814 | 1 Intel | 1 Chipset Device Software | 2025-01-28 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21837 | 1 Intel | 1 Quartus Prime | 2025-01-28 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21777 | 1 Intel | 1 Quartus Prime | 2025-01-28 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-21862 | 1 Intel | 1 Quartus Prime | 2025-01-28 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-45743 | 1 Intel | 1 Driver \& Support Assistant | 2025-01-28 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-41782 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | N/A | 3.9 LOW |
|
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.
|
|||||
| CVE-2023-41780 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | N/A | 6.4 MEDIUM |
|
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
|
|||||
| CVE-2023-25005 | 1 Autodesk | 1 Infraworks | 2025-01-27 | N/A | 7.8 HIGH |
|
A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.
|
|||||
| CVE-2024-53588 | 2025-01-24 | N/A | 7.8 HIGH | ||
|
A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.
|
|||||