Total
1096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10093 | 1 Vso-software | 1 Convertxtodvd | 2024-11-01 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-48605 | 1 Helakuru | 1 Helakuru | 2024-10-30 | N/A | 7.8 HIGH |
|
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.
|
|||||
| CVE-2024-50583 | 2024-10-25 | N/A | 6.3 MEDIUM | ||
|
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.
|
|||||
| CVE-2024-49390 | 1 Acronis | 1 Cyber Files | 2024-10-18 | N/A | 7.3 HIGH |
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
|||||
| CVE-2024-49391 | 1 Acronis | 1 Cyber Files | 2024-10-18 | N/A | 7.3 HIGH |
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
|||||
| CVE-2024-10068 | 2024-10-18 | 6.8 MEDIUM | 7.8 HIGH | ||
|
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-30117 | 1 Hcltech | 1 Bigfix Platform | 2024-10-17 | N/A | 5.3 MEDIUM |
|
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
|
|||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-17 | N/A | 7.8 HIGH |
|
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.
|
|||||
| CVE-2024-4089 | 1 Lenovo | 1 Superfile | 2024-10-17 | N/A | 7.8 HIGH |
|
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-4130 | 1 Lenovo | 1 App Store | 2024-10-17 | N/A | 7.8 HIGH |
|
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-4131 | 1 Lenovo | 1 Emulator | 2024-10-17 | N/A | 7.8 HIGH |
|
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-4132 | 1 Lenovo | 1 Lock Screen | 2024-10-17 | N/A | 7.8 HIGH |
|
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-9046 | 1 Lenovo | 1 Starstudio | 2024-10-17 | N/A | 7.8 HIGH |
|
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-47194 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | N/A | 7.3 HIGH |
|
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory.
|
|||||
| CVE-2024-47195 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | N/A | 7.3 HIGH |
|
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory.
|
|||||
| CVE-2024-33582 | 2024-10-15 | N/A | 7.8 HIGH | ||
|
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-33579 | 2024-10-15 | N/A | 7.8 HIGH | ||
|
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-33581 | 2024-10-15 | N/A | 7.8 HIGH | ||
|
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-33580 | 2024-10-15 | N/A | 7.8 HIGH | ||
|
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-33578 | 2024-10-15 | N/A | 7.8 HIGH | ||
|
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.
|
|||||
| CVE-2024-45246 | 2024-10-07 | N/A | 7.3 HIGH | ||
|
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
|
|||||
| CVE-2024-6510 | 1 Avg | 1 Internet Security | 2024-10-02 | N/A | 7.8 HIGH |
|
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
|
|||||
| CVE-2024-34153 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 7.8 HIGH |
|
Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-39613 | 1 Mattermost | 1 Mattermost Desktop | 2024-09-20 | N/A | 7.8 HIGH |
|
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
|
|||||
| CVE-2024-34016 | 2024-09-20 | N/A | 6.5 MEDIUM | ||
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.
|
|||||
| CVE-2024-20430 | 1 Cisco | 1 Meraki Systems Manager | 2024-09-18 | N/A | 7.3 HIGH |
|
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.
This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A su ...
Show More |
|||||
| CVE-2024-5290 | 2 Canonical, W1.fi | 2 Ubuntu Linux, Wpa Supplicant | 2024-09-17 | N/A | 7.8 HIGH |
|
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root).
Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
|
|||||
| CVE-2024-8441 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 6.7 MEDIUM |
|
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
|
|||||
| CVE-2024-29015 | 1 Intel | 2 Oneapi Base Toolkit, Vtune Profiler | 2024-09-12 | N/A | 7.8 HIGH |
|
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-28887 | 1 Intel | 2 Integrated Performance Primitives, Oneapi Base Toolkit | 2024-09-12 | N/A | 7.8 HIGH |
|
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-24977 | 1 Intel | 1 License Manager For Flexim | 2024-09-12 | N/A | 7.8 HIGH |
|
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-23489 | 1 Intel | 1 Virtual Raid On Cpu | 2024-09-12 | N/A | 7.3 HIGH |
|
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-34019 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
|
|||||
| CVE-2024-34017 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569.
|
|||||
| CVE-2024-7325 | 1 Iobit | 1 Driver Booster | 2024-09-11 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-23907 | 1 Intel | 3 High Level Synthesis Compiler, Oneapi Dpc\+\+\/c\+\+ Compiler, Quartus Prime | 2024-09-06 | N/A | 7.8 HIGH |
|
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-23909 | 1 Intel | 1 Field Programmable Gate Array Software Development Kit For Opencl | 2024-09-06 | N/A | 7.8 HIGH |
|
Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-26027 | 1 Intel | 1 Simics Package Manager | 2024-09-06 | N/A | 7.8 HIGH |
|
Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-28046 | 1 Intel | 1 Graphics Performance Analyzers | 2024-09-06 | N/A | 7.8 HIGH |
|
Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-28172 | 1 Intel | 2 Oneapi Hpc Toolkit, Trace Analyzer And Collector | 2024-09-06 | N/A | 7.3 HIGH |
|
Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||