Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36380 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2024-08-03 | 6.7 Medium |
| Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36271 | 1 Outbyte | 1 Pc Repair | 2024-08-03 | 7.8 High |
| Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with same name and can get admin privileges. | ||||
| CVE-2022-36398 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-08-03 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-34900 | 1 Parallels | 1 Parallels Access | 2024-08-03 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatcher service. The service loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15213. | ||||
| CVE-2022-34901 | 1 Parallels | 1 Parallels Access | 2024-08-03 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. | ||||
| CVE-2022-34902 | 1 Parallels | 1 Parallels Access | 2024-08-03 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787. | ||||
| CVE-2022-34848 | 1 Intel | 1 Nuc Pro Software Suite | 2024-08-03 | 6.7 Medium |
| Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-34825 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-08-03 | 9.8 Critical |
| Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | ||||
| CVE-2022-34755 | 1 Schneider-electric | 1 Easergy Builder Installer | 2024-08-03 | 6.3 Medium |
| A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior) | ||||
| CVE-2022-34396 | 1 Dell | 1 Openmanage Server Administrator | 2024-08-03 | 7 High |
| Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. | ||||
| CVE-2022-34101 | 1 Crestron | 1 Airmedia | 2024-08-03 | 7.8 High |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack. | ||||
| CVE-2022-32972 | 1 Infoblox | 1 Bloxone Endpoint | 2024-08-03 | 7.8 High |
| Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | ||||
| CVE-2022-33036 | 1 Embarcadero | 1 Dev-c\+\+ | 2024-08-03 | 7.8 High |
| A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-33035 | 1 Netsarang | 1 Xlpd | 2024-08-03 | 7.8 High |
| XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||||
| CVE-2022-33037 | 1 Orwell-dev-cpp Project | 1 Orwell-dev-cpp | 2024-08-03 | 7.8 High |
| A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-32576 | 1 Intel | 1 Unite | 2024-08-03 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-32222 | 2 Nodejs, Siemens | 2 Node.js, Sinec Ins | 2024-08-03 | 5.3 Medium |
| A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | ||||
| CVE-2022-32223 | 2 Microsoft, Nodejs | 2 Windows, Node.js | 2024-08-03 | 7.3 High |
| Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. | ||||
| CVE-2022-31694 | 1 Installbuilder | 1 Installbuilder | 2024-08-03 | 7.3 High |
| InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL. | ||||
| CVE-2022-31611 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-08-03 | 6.8 Medium |
| NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. | ||||