Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43064 | 1 Ibm | 1 I | 2024-08-02 | 7 High |
| Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. | ||||
| CVE-2023-41929 | 1 Samsung | 1 Memory Card \& Ufd Authentication | 2024-08-02 | 7.3 High |
| A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) | ||||
| CVE-2023-41790 | 1 Artica | 1 Pandora Fms | 2024-08-02 | 7.6 High |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | ||||
| CVE-2023-41787 | 1 Artica | 1 Pandora Fms | 2024-08-02 | 6 Medium |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. | ||||
| CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2024-08-02 | 8.8 High |
| An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | ||||
| CVE-2024-28131 | 2024-08-02 | 7.8 High | ||
| EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41. | ||||
| CVE-2023-40155 | 2024-08-02 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-37490 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-02 | 7.6 High |
| SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system | ||||
| CVE-2023-35192 | 1 Intel | 1 Graphics Performance Analyzer | 2024-08-02 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32272 | 1 Intel | 1 Nuc Pro Software Suite | 2024-08-02 | 7.9 High |
| Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-31543 | 1 Pipreqs Project | 1 Pipreqs | 2024-08-02 | 9.8 Critical |
| A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. | ||||
| CVE-2023-31210 | 1 Checkmk | 1 Checkmk | 2024-08-02 | 8.8 High |
| Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries | ||||
| CVE-2023-31197 | 1 Intel | 1 Trace Analyzer And Collector | 2024-08-02 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-30237 | 1 Cyberghostvpn | 1 Cyberghost | 2024-08-02 | 7.8 High |
| CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. | ||||
| CVE-2023-29444 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-08-02 | 6.3 Medium |
| An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution. | ||||
| CVE-2023-29445 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-08-02 | 7.8 High |
| An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | ||||
| CVE-2023-29069 | 1 Autodesk | 1 Desktop Connector | 2024-08-02 | 7.8 High |
| A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability. | ||||
| CVE-2023-29187 | 1 Sap | 1 Sapsetup | 2024-08-02 | 6.7 Medium |
| A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attackers control. | ||||
| CVE-2023-29011 | 1 Git For Windows Project | 1 Git For Windows | 2024-08-02 | 7.6 High |
| Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines. | ||||
| CVE-2023-29012 | 1 Git For Windows Project | 1 Git For Windows | 2024-08-02 | 7.3 High |
| Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. | ||||