Total: 800 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39708 | | | 2024-10-31 | 7 High |
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. | ||||
CVE-2024-29734 | 1 Fujidenolo Solutions Co Ltd. | 1 Sonicdicom Media Viewer | 2024-10-31 | 7.8 High |
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | ||||
CVE-2024-48605 | 1 Helakuru | 1 Helakuru | 2024-10-30 | 7.8 High |
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. | ||||
CVE-2023-37849 | 1 Watchguard | 1 Panda Security Vpn | 2024-10-30 | 6.5 Medium |
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. | ||||
CVE-2023-40596 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-10-30 | 7 High |
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. | ||||
CVE-2023-24591 | 1 Intel | 1 Binary Configuration Tool | 2024-10-29 | 6.7 Medium |
Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-32618 | 1 Intel | 1 Oneapi | 2024-10-29 | 6.7 Medium |
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-36493 | 1 Intel | 1 Software Development Kit For Opencl | 2024-10-29 | 6.7 Medium |
Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-35769 | 1 Intel | 1 Computing Improvement Program | 2024-10-29 | 6.7 Medium |
Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-35060 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-10-29 | 6.7 Medium |
Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-28407 | 1 Intel | 1 Extreme Tuning Utility | 2024-10-29 | 6.7 Medium |
Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-3252 | 1 Tenable | 1 Nessus | 2024-10-28 | 6.8 Medium |
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. | ||||
CVE-2024-50583 | | | 2024-10-25 | 6.3 Medium |
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings. | ||||
CVE-2023-40156 | 1 Intel | 1 System Support Utility | 2024-10-25 | 6.7 Medium |
Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2019-6692 | 1 Fortinet | 1 Forticlient | 2024-10-25 | 7.8 High |
A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL. | ||||
CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2024-10-25 | 7.8 High |
An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe reside to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2024-10-25 | 7.8 High |
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
CVE-2023-32646 | 1 Intel | 1 Virtual Raid On Cpu | 2024-10-25 | 6.7 Medium |
Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2021-32592 | 1 Fortinet | 2 Forticlient, Forticlient Enterprise Management Server | 2024-10-25 | 7.8 High |
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path. | ||||
CVE-2023-36853 | 1 Keysight | 1 Geolocation Server | 2024-10-24 | 7.8 High |
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges. |