Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2023-12-07 | N/A | 7.8 HIGH |
| EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2023-12-06 | N/A | 7.8 HIGH |
| An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | |||||
| CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2023-12-06 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | |||||
| CVE-2023-47453 | 1 Sohu | 1 Video Player | 2023-12-06 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | |||||
| CVE-2023-47454 | 1 Netease | 1 Cloudmusic | 2023-12-06 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | |||||
| CVE-2023-4931 | 1 Plesk | 1 Plesk | 2023-12-01 | N/A | 7.8 HIGH |
| Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. | |||||
| CVE-2023-27513 | 1 Intel | 1 Server Information Retrieval Utility | 2023-11-30 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28740 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2023-11-30 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-41787 | 1 Artica | 1 Pandora Fms | 2023-11-29 | N/A | 7.5 HIGH |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. | |||||
| CVE-2023-41790 | 1 Artica | 1 Pandora Fms | 2023-11-29 | N/A | 9.8 CRITICAL |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | |||||
| CVE-2023-46814 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2023-11-29 | N/A | 7.8 HIGH |
| A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | |||||
| CVE-2023-29069 | 1 Autodesk | 1 Desktop Connector | 2023-11-29 | N/A | 7.8 HIGH |
| A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability. | |||||
| CVE-2023-6235 | 1 Duetdisplay | 1 Duet Display | 2023-11-29 | N/A | 7.8 HIGH |
| An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of arbitrary code. | |||||
| CVE-2023-22818 | 1 Westerndigital | 1 Sandisk Security Installer | 2023-11-22 | N/A | 7.8 HIGH |
| Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. | |||||
| CVE-2023-34430 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-11-21 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34350 | 1 Intel | 1 Extreme Tuning Utility | 2023-11-21 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29504 | 1 Intel | 1 Realsense D400 Series Dynamic Calibration Tool | 2023-11-21 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29161 | 1 Intel | 1 One Boot Flash Update | 2023-11-21 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32660 | 1 Intel | 2 Nuc Kit Nuc6i7kyk, Thunderbolt 3 Controller Firmware | 2023-11-20 | N/A | 7.3 HIGH |
| Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-33874 | 1 Intel | 7 Hid Event Filter Driver, Nuc 12 Pro Board Nuc12wsbv5, Nuc 12 Pro Board Nuc12wsbv7 and 4 more | 2023-11-20 | N/A | 7.3 HIGH |
| Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||