Total: 800 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-48422 | 2 Linux, Onlyoffice | 2 Linux Kernel, Document Server | 2024-08-03 | 7.8 High |
ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. | ||||
CVE-2022-48224 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2024-08-03 | 7.3 High |
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). | ||||
CVE-2022-48225 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2024-08-03 | 7.3 High |
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location. | ||||
CVE-2022-48222 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2024-08-03 | 7.8 High |
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). | ||||
CVE-2022-48223 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2024-08-03 | 6.7 Medium |
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory. | ||||
CVE-2022-48077 | 1 Genymotion | 1 Genymotion Desktop | 2024-08-03 | 7.8 High |
Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | ||||
CVE-2022-47632 | 2 Microsoft, Razer | 2 Windows, Synapse | 2024-08-03 | 6.8 Medium |
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. | ||||
CVE-2022-46330 | 1 Squirrel.windows Project | 1 Squirrel.windows | 2024-08-03 | 7.8 High |
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | ||||
CVE-2022-45422 | 1 Lg | 1 Smart Share | 2024-08-03 | 7.8 High |
When LG SmartShare is installed, local privilege escalation is possible through a DLL hijacking attack. The LG ID is LVE-HOT-220005. | ||||
CVE-2022-44939 | 1 Echatserver | 1 Easy Chat Server | 2024-08-03 | 7.8 High |
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | ||||
CVE-2022-44744 | 1 Acronis | 1 Cyber Protect Home Office | 2024-08-03 | 7.3 High |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
CVE-2022-43751 | 1 Mcafee | 1 Total Protection | 2024-08-03 | 7.8 High |
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. | ||||
CVE-2022-43703 | 1 Arm | 2 Arm Development Studio, Ds Development Studio | 2024-08-03 | 7.8 High |
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | ||||
CVE-2022-43722 | 1 Siemens | 1 Sicam Pas/pqs | 2024-08-03 | 7.8 High |
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | ||||
CVE-2022-43474 | 1 Intel | 2 Dsp Builder, Quartus Prime | 2024-08-03 | 6.7 Medium |
Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-43440 | 1 Checkmk | 1 Checkmk | 2024-08-03 | 8.8 High |
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable. | ||||
CVE-2022-43310 | 1 Foxitsoftware | 1 Foxit Reader | 2024-08-03 | 7.8 High |
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | ||||
CVE-2022-42945 | 1 Autodesk | 1 Dwg Trueview | 2024-08-03 | 7.8 High |
DWG TrueView™ 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system. | ||||
CVE-2022-41998 | 1 Intel | 1 Data Center Manager | 2024-08-03 | 6.7 Medium |
Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-41982 | 1 Intel | 1 Vtune Profiler | 2024-08-03 | 6.7 Medium |
Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |