Total: 710 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1595 | | | 2024-03-01 | N/A | 7.8 HIGH |
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | |||||
CVE-2023-6132 | | | 2024-03-01 | N/A | 7.3 HIGH |
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. | |||||
CVE-2023-39254 | | | 2024-03-01 | N/A | 6.7 MEDIUM |
Dell Update Package (DUP) versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | |||||
CVE-2023-45248 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-02-27 | N/A | 7.3 HIGH |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391. | |||||
CVE-2023-25779 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-24591 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-28407 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-28745 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32646 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-35060 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32618 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-39932 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-38566 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-35769 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-41091 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-40156 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-36493 | | | 2024-02-14 | N/A | 6.7 MEDIUM |
Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-43703 | 1 Arm | 2 Arm Development Studio, Ds Development Studio | 2024-02-13 | N/A | 7.8 HIGH |
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | |||||
CVE-2022-21668 | 2 Fedoraproject, Pypa | 2 Fedora, Pipenv | 2024-02-07 | 9.3 HIGH | 8.6 HIGH |
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability. | |||||
CVE-2024-23940 | 2 Microsoft, Trendmicro | 6 Windows, Air Support, Antivirus + Security and 3 more | 2024-02-06 | N/A | 7.8 HIGH |
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. |