Total
785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34017 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | |||||
| CVE-2024-7325 | 1 Iobit | 1 Driver Booster | 2024-09-11 | N/A | 7.8 HIGH |
| A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-23907 | 1 Intel | 3 High Level Synthesis Compiler, Oneapi Dpc\+\+\/c\+\+ Compiler, Quartus Prime | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-23909 | 1 Intel | 1 Field Programmable Gate Array Software Development Kit For Opencl | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-26027 | 1 Intel | 1 Simics Package Manager | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28046 | 1 Intel | 1 Graphics Performance Analyzers | 2024-09-06 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28172 | 1 Intel | 2 Oneapi Hpc Toolkit, Trace Analyzer And Collector | 2024-09-06 | N/A | 7.3 HIGH |
| Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28876 | 1 Intel | 2 Mpi Library, Oneapi Hpc Toolkit | 2024-09-06 | N/A | 7.3 HIGH |
| Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-7834 | 1 Overwolf | 1 Overwolf | 2024-09-05 | N/A | 7.8 HIGH |
| A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location. | |||||
| CVE-2024-23491 | 1 Intel | 2 Distribution For Gdb, Oneapi Base Toolkit | 2024-08-31 | N/A | 7.3 HIGH |
| Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-7061 | 1 Okta | 1 Verify | 2024-08-28 | N/A | 7.8 HIGH |
| Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater. | |||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2024-08-28 | N/A | 7.8 HIGH |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | |||||
| CVE-2024-37127 | 1 Dell | 1 Peripheral Manager | 2024-08-27 | N/A | 7.8 HIGH |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | |||||
| CVE-2024-5929 | 1 Vipre | 1 Advanced Security | 2024-08-23 | N/A | 7.8 HIGH |
| VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. The issue results from loading a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22316. | |||||
| CVE-2024-7326 | 1 Itopvpn | 1 Dualsafe Password Manager | 2024-08-15 | N/A | 7.8 HIGH |
| A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5509 | 1 Luxion | 3 Keyshot, Keyshot Network Rendering, Keyshot Viewer | 2024-08-09 | N/A | 7.8 HIGH |
| Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738. | |||||
| CVE-2024-37142 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | N/A | 7.8 HIGH |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | |||||
| CVE-2024-32857 | 1 Dell | 1 Peripheral Manager | 2024-08-08 | N/A | 7.8 HIGH |
| Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | |||||
| CVE-2024-34116 | 1 Adobe | 1 Creative Cloud Desktop Application | 2024-08-07 | N/A | 7.1 HIGH |
| Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction. | |||||
| CVE-2019-9116 | 2 Microsoft, Sublimetext | 2 Windows 7, Sublime Text 3 | 2024-08-04 | 6.8 MEDIUM | 7.8 HIGH |
| DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched. | |||||