Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26028 | 1 Intel | 1 Vtune Profiler | 2022-11-17 | N/A | 7.3 HIGH |
| Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-30548 | 1 Intel | 1 Glorp | 2022-11-17 | N/A | 7.8 HIGH |
| Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-27638 | 1 Intel | 1 Advanced Link Analyzer | 2022-11-17 | N/A | 7.8 HIGH |
| Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36380 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2022-11-16 | N/A | 7.3 HIGH |
| Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-27187 | 1 Intel | 1 Quartus Prime | 2022-11-16 | N/A | 7.8 HIGH |
| Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33064 | 1 Intel | 1 System Studio | 2022-11-16 | N/A | 7.8 HIGH |
| Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-43310 | 1 Foxitsoftware | 1 Foxit Reader | 2022-11-15 | N/A | 7.8 HIGH |
| An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | |||||
| CVE-2022-34825 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2022-11-09 | N/A | 9.8 CRITICAL |
| Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2019-3881 | 1 Bundler | 1 Bundler | 2022-11-08 | 4.4 MEDIUM | 7.8 HIGH |
| Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. | |||||
| CVE-2022-44744 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||||
| CVE-2017-20052 | 1 Python | 1 Python | 2022-11-05 | 4.4 MEDIUM | 7.8 HIGH |
| A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32223 | 2 Microsoft, Nodejs | 2 Windows, Node.js | 2022-10-28 | N/A | 7.3 HIGH |
| Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. | |||||
| CVE-2022-36840 | 1 Samsung | 1 Update | 2022-10-27 | N/A | 7.8 HIGH |
| DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | |||||
| CVE-2021-37617 | 1 Nextcloud | 1 Desktop | 2022-10-25 | 4.4 MEDIUM | 7.3 HIGH |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system. | |||||
| CVE-2020-25238 | 1 Siemens | 2 Simatic Process Control System Neo, Totally Integrated Automation Portal | 2022-10-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. | |||||
| CVE-2022-33921 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 7.8 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
| CVE-2020-8895 | 1 Google | 1 Earth | 2022-10-07 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | |||||
| CVE-2022-40978 | 1 Jetbrains | 1 Intellij Idea | 2022-09-21 | N/A | 7.8 HIGH |
| The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking | |||||
| CVE-2022-39846 | 1 Samsung | 1 Smart Switch Pc | 2022-09-21 | N/A | 7.8 HIGH |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | |||||
| CVE-2020-28646 | 1 Owncloud | 1 Owncloud Desktop Client | 2022-09-21 | 4.4 MEDIUM | 7.8 HIGH |
| ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | |||||