Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41091 | 1 Intel | 1 Mpi Library | 2024-10-24 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-38566 | 1 Intel | 1 Implicit Spmd Program Compiler | 2024-10-24 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-39932 | 1 Intel | 1 System Usage Report For Gameplay | 2024-10-24 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privillaged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-15663 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-10-21 | 8.8 High |
| If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. | ||||
| CVE-2024-49390 | 1 Acronis | 1 Cyber Files | 2024-10-18 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | ||||
| CVE-2024-49391 | 1 Acronis | 1 Cyber Files | 2024-10-18 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | ||||
| CVE-2024-10068 | 1 Flashfxp | 1 Flashfxp | 2024-10-18 | 7.8 High |
| A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-30117 | 1 Hcltech | 1 Bigfix Platform | 2024-10-17 | 2.5 Low |
| A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | ||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-17 | 7.8 High |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | ||||
| CVE-2024-4089 | 1 Lenovo | 1 Superfile | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-4130 | 1 Lenovo | 1 App Store | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-4131 | 1 Lenovo | 1 Emulator | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-4132 | 1 Lenovo | 1 Lock Screen | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-9046 | 1 Lenovo | 1 Starstudio | 2024-10-17 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2023-34355 | 2 Intel, Intel Server Board M10jnp2sb Integrated Bmc Video Drivers | 3 Integrated Bmc Video Driver, Server Board M10jnp2sb, Intel Server Board M10jnp2sb Integrated Bmc Video Drive | 2024-10-17 | 6.7 Medium |
| Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-47194 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | 6.7 Medium |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. | ||||
| CVE-2024-47195 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | 6.7 Medium |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. | ||||
| CVE-2024-47196 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | 6.7 Medium |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. | ||||
| CVE-2023-28823 | 1 Intel | 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more | 2024-10-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-36344 | 1 Dieboldnixdorf | 1 Vynamic View | 2024-10-15 | 7.8 High |
| An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. | ||||