| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. |
| A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. Modifying the configuration settings is advised. |
| In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. |
| Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process. |
| Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1. |
| The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution. Specifically, a third party can create a `inkscape.bat` file that defines a Windows batch script, capable of arbitrary code execution. When a user runs `jupyter nbconvert --to pdf` on a notebook containing SVG output to a PDF on a Windows platform from this directory, the `inkscape.bat` file is run unexpectedly. This issue has been patched in version 7.17.0. |
| Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the
file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. |
| Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package
could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. |
| Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. |
| Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| Visual Studio Code Elevation of Privilege Vulnerability |
| Visual Studio Installer Elevation of Privilege Vulnerability |
| Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
| Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
| Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. |
| Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. |
