Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27298 | 1 Intel | 1 Wake Up Latency Tracer | 2024-11-21 | N/A | 8.8 HIGH |
|
Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-25944 | 1 Intel | 1 Vcust Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-25779 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-25182 | 1 Intel | 1 Unite | 2024-11-21 | N/A | 4.2 MEDIUM |
|
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-24591 | 1 Intel | 1 Binary Configuration Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-24016 | 2 Intel, Linux | 2 Quartus Prime, Linux Kernel | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-23577 | 1 Intel | 3 Ite Tech Consumer Infrared Driver, Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-22841 | 1 Intel | 2 C621a, Server Firmware Update Utility | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-22818 | 1 Westerndigital | 1 Sandisk Security Installer | 2024-11-21 | N/A | 7.3 HIGH |
|
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for
Windows that could allow attackers with local access to execute arbitrary code by executing the installer
in the same folder as the malicious DLL. This can lead to the execution of arbitrary
code with the privileges of the vulnerable application or obtain a certain level of persistence
on the compromised host.
|
|||||
| CVE-2023-22358 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Edge | 2024-11-21 | N/A | 7.8 HIGH |
|
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2023-22355 | 1 Intel | 29 Advisor, Cpu Runtime, Distribution For Python and 26 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-22283 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Edge | 2024-11-21 | N/A | 6.5 MEDIUM |
|
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2023-1745 | 1 Pandora | 1 Kmplayer | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.
|
|||||
| CVE-2023-0976 | 2 Apple, Trellix | 2 Macos, Agent | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.
|
|||||
| CVE-2023-0898 | 1 Ge | 1 Micom S1 Agile | 2024-11-21 | N/A | 5.3 MEDIUM |
|
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.
|
|||||
| CVE-2023-0400 | 2 Microsoft, Trellix | 2 Windows, Data Loss Prevention | 2024-11-21 | N/A | 5.9 MEDIUM |
|
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.
|
|||||
| CVE-2023-0247 | 1 Bloom Project | 1 Bloom | 2024-11-21 | N/A | 7.8 HIGH |
|
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
|
|||||
| CVE-2022-4956 | 1 Caphyon | 1 Advanced Installer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
|
|||||
| CVE-2022-4894 | 2 Hp, Samsung | 2046 1vr14a, 1vr14a Firmware, 209u7a and 2043 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.
|
|||||
| CVE-2022-47636 | 1 Outsystems | 1 Service Studio | 2024-11-21 | N/A | 7.8 HIGH |
|
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
|
|||||
| CVE-2022-44744 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | N/A | 7.3 HIGH |
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
|
|||||
| CVE-2022-43474 | 1 Intel | 2 Dsp Builder, Quartus Prime | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-43456 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-43440 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 8.8 HIGH |
|
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
|
|||||
| CVE-2022-41998 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-41982 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-41693 | 1 Intel | 1 Quartus Prime | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-41628 | 2 Intel, Microsoft | 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-41314 | 1 Intel | 16 Administrative Tools For Intel Network Adapters, Ethernet Controller E810, Ethernet Network Adapter E810-cqda1 and 13 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-41141 | 1 Windscribe | 1 Windscribe | 2024-11-21 | N/A | 7.8 HIGH |
|
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Wa ...
Show More |
|||||
| CVE-2022-40978 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 7.5 HIGH |
|
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
|
|||||
| CVE-2022-40746 | 2 Ibm, Microsoft | 2 I Access Client Solutions, Windows | 2024-11-21 | N/A | 7.2 HIGH |
|
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
|
|||||
| CVE-2022-3859 | 1 Trellix | 1 Agent | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
|
|||||
| CVE-2022-39846 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | N/A | 6.2 MEDIUM |
|
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
|
|||||
| CVE-2022-39286 | 3 Debian, Fedoraproject, Jupyter | 3 Debian Linux, Fedora, Jupyter Core | 2024-11-21 | N/A | 8.8 HIGH |
|
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
|
|||||
| CVE-2022-38633 | 1 Genymobile | 1 Genymotion Desktop | 2024-11-21 | N/A | 7.8 HIGH |
|
Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary.
|
|||||
| CVE-2022-38136 | 1 Intel | 1 Oneapi Dpc\+\+\/c\+\+ Compiler | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-38101 | 1 Intel | 3 Iflashv, Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-37340 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-37329 | 1 Intel | 2 Fpga Software Development Kit, Quartus Prime | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||