Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36344 | 1 Dieboldnixdorf | 1 Vynamic View | 2024-11-21 | N/A | 7.8 HIGH |
|
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.
|
|||||
| CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-11-21 | N/A | 8.4 HIGH |
|
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.
|
|||||
| CVE-2023-35769 | 1 Intel | 1 Computing Improvement Program | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-35060 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-34430 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-34355 | 1 Intel | 2 Integrated Bmc Video Driver, Server Board M10jnp2sb | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-34350 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-33874 | 1 Intel | 7 Hid Event Filter Driver, Nuc 12 Pro Board Nuc12wsbv5, Nuc 12 Pro Board Nuc12wsbv7 and 4 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-32660 | 1 Intel | 2 Nuc Kit Nuc6i7kyk, Thunderbolt 3 Controller Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-32646 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-32618 | 1 Intel | 1 Oneapi | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-32272 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 7.9 HIGH |
|
Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-31543 | 1 Pipreqs Project | 1 Pipreqs | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.
|
|||||
| CVE-2023-31210 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
|
Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries
|
|||||
| CVE-2023-31197 | 1 Intel | 1 Trace Analyzer And Collector | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-31027 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | N/A | 8.2 HIGH |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.
|
|||||
| CVE-2023-31016 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2024-11-21 | N/A | 7.3 HIGH |
|
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
|
|||||
| CVE-2023-2355 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | N/A | 7.8 HIGH |
|
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
|
|||||
| CVE-2023-29504 | 1 Intel | 1 Realsense D400 Series Dynamic Calibration Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-29445 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-11-21 | N/A | 7.8 HIGH |
|
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
|
|||||
| CVE-2023-29444 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-11-21 | N/A | 6.3 MEDIUM |
|
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.
|
|||||
| CVE-2023-29187 | 1 Sap | 1 Sapsetup | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control.
|
|||||
| CVE-2023-29161 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-29151 | 1 Intel | 1 Platform Service Record Software Development Kit | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-29069 | 1 Autodesk | 1 Desktop Connector | 2024-11-21 | N/A | 7.8 HIGH |
|
A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.
|
|||||
| CVE-2023-29012 | 1 Git For Windows Project | 1 Git For Windows | 2024-11-21 | N/A | 7.2 HIGH |
|
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.
|
|||||
| CVE-2023-29011 | 1 Git For Windows Project | 1 Git For Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed ...
Show More |
|||||
| CVE-2023-28929 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus\+ Security 2021, Antivirus\+ Security 2022 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
|
|||||
| CVE-2023-28823 | 1 Intel | 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-28740 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-28596 | 1 Zoom | 1 Meetings | 2024-11-21 | N/A | 7.8 HIGH |
|
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root.
|
|||||
| CVE-2023-28407 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-28405 | 1 Intel | 1 Openvino | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-28388 | 1 Intel | 1 Chipset Device Software | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-28380 | 1 Intel | 1 Ai Hackathon | 2024-11-21 | N/A | 8.8 HIGH |
|
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-28140 | 1 Qualys | 1 Cloud Agent | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An Executable Hijacking condition exists in the
Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers
may load a malicious copy of a Dependency Link Library (DLL) via a local
attack vector instead of the DLL that the application was expecting, when
processes are running with escalated privileges. This vulnerability
is bounded only to the time of uninstallation and can only be exploited
locally.
At the time of this disclosure, versions before 4.0 are classified as End ...
Show More |
|||||
| CVE-2023-28080 | 1 Dell | 1 Powerpath | 2024-11-21 | N/A | 6.7 MEDIUM |
|
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
|
|||||
| CVE-2023-27908 | 1 Autodesk | 1 Installer | 2024-11-21 | N/A | 7.8 HIGH |
|
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
|
|||||
| CVE-2023-27513 | 1 Intel | 1 Server Information Retrieval Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-27386 | 1 Intel | 1 Pathfinder For Risc-v | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||