Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4632 | 1 Lenovo | 1 System Update | 2024-09-03 | 7.8 High |
| An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2024-23491 | 1 Intel | 3 Distribution For Gdb, Distribution For Gdb Software, Oneapi Base Toolkit | 2024-08-31 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-34350 | 1 Intel | 1 Extreme Tuning Utility | 2024-08-30 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-33874 | 1 Intel | 7 Hid Event Filter Driver, Nuc 12 Pro Board Nuc12wsbv5, Nuc 12 Pro Board Nuc12wsbv7 and 4 more | 2024-08-30 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32660 | 1 Intel | 2 Nuc Kit Nuc6i7kyk, Thunderbolt 3 Controller Firmware | 2024-08-30 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-29161 | 1 Intel | 1 One Boot Flash Update | 2024-08-30 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-34430 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-08-30 | 6.7 Medium |
| Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-29504 | 1 Intel | 1 Realsense D400 Series Dynamic Calibration Tool | 2024-08-30 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21788 | 2024-08-29 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-46814 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2024-08-29 | 7.8 High |
| A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | ||||
| CVE-2023-22818 | 1 Westerndigital | 1 Sandisk Security Installer | 2024-08-29 | 7.3 High |
| Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. | ||||
| CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2024-08-28 | 7.8 High |
| EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | ||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2024-08-28 | 8.8 High |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | ||||
| CVE-2024-22167 | 2024-08-28 | 7.9 High | ||
| A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated. | ||||
| CVE-2024-7061 | 1 Okta | 1 Verify | 2024-08-28 | 5.5 Medium |
| Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater. | ||||
| CVE-2024-37127 | 1 Dell | 1 Peripheral Manager | 2024-08-27 | 7.8 High |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | ||||
| CVE-2024-5929 | 1 Vipre | 1 Advanced Security | 2024-08-23 | 7.8 High |
| VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. The issue results from loading a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22316. | ||||
| CVE-2024-1595 | 2024-08-22 | 7.8 High | ||
| Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | ||||
| CVE-2023-6132 | 2024-08-22 | 7.3 High | ||
| The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. | ||||
| CVE-2023-41961 | 2024-08-21 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||