Total: 800 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45246 | 1 Dieboldnixdorf | 1 Vynamic View | 2024-10-07 | 7.3 High |
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element | ||||
CVE-2023-40352 | 1 Mcafee | 1 Safe Connect | 2024-10-04 | 7.2 High |
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | ||||
CVE-2024-6510 | 1 Avg | 1 Internet Security | 2024-10-02 | 7.8 High |
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. | ||||
CVE-2023-25182 | 1 Intel | 1 Unite | 2024-10-02 | 4.2 Medium |
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-24767 | 2 Git For Windows Project, Microsoft | 4 Git For Windows, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-10-01 | 7.8 High |
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | ||||
CVE-2023-39374 | 1 Forescout | 1 Secureconnector | 2024-10-01 | 7.8 High |
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element | ||||
CVE-2024-44168 | 1 Apple | 1 Macos | 2024-09-26 | 5.5 Medium |
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-34153 | 1 Intel | 1 Raid Web Console | 2024-09-23 | 6.7 Medium |
Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-22346 | 1 Ibm | 1 I | 2024-09-20 | 8.4 High |
Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. | ||||
CVE-2024-39613 | 1 Mattermost | 1 Mattermost Desktop | 2024-09-20 | 5.3 Medium |
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. | ||||
CVE-2024-34016 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2024-09-20 | N/A |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | ||||
CVE-2024-8766 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2024-09-20 | N/A |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | ||||
CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-09-19 | 8.4 High |
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | ||||
CVE-2023-44440 | | | 2024-09-18 | N/A |
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21680. | ||||
CVE-2023-44439 | 1 Ashlar | 1 Xenon | 2024-09-18 | N/A |
Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21679. | ||||
CVE-2023-44438 | | | 2024-09-18 | N/A |
Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21678. | ||||
CVE-2023-44437 | 1 Ashlar | 1 Cobalt | 2024-09-18 | N/A |
Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21540. | ||||
CVE-2024-20430 | 1 Cisco | 2 Meraki Systems Manager, Meraki Systems Manager Agent | 2024-09-18 | 7.3 High |
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. | ||||
CVE-2023-4936 | 1 Synaptics | 1 Displaylink Usb Graphics | 2024-09-18 | 5.5 Medium |
It is possible to sideload a compromised DLL during the installation at elevated privilege. | ||||
CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | 8.8 High |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. |