Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4632 | 1 Lenovo | 1 System Update | 2023-11-16 | N/A | 7.8 HIGH |
| An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | |||||
| CVE-2021-31847 | 1 Mcafee | 1 Agent | 2023-11-15 | 6.9 MEDIUM | 7.8 HIGH |
| Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. | |||||
| CVE-2021-31853 | 1 Mcafee | 1 Drive Encryption | 2023-11-15 | 4.6 MEDIUM | 7.8 HIGH |
| DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | |||||
| CVE-2022-1824 | 1 Mcafee | 1 Consumer Product Removal Tool | 2023-11-15 | 4.4 MEDIUM | 8.2 HIGH |
| An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee. | |||||
| CVE-2023-47113 | 2 Bleachbit, Microsoft | 2 Bleachbit, Windows | 2023-11-15 | N/A | 7.3 HIGH |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | |||||
| CVE-2023-0898 | 1 Ge | 1 Micom S1 Agile | 2023-11-14 | N/A | 7.3 HIGH |
| General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | |||||
| CVE-2023-31027 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2023-11-13 | N/A | 7.3 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. | |||||
| CVE-2023-31016 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2023-11-13 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2023-44220 | 1 Sonicwall | 1 Netextender | 2023-11-07 | N/A | 7.3 HIGH |
| SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | |||||
| CVE-2023-36853 | 1 Keysight | 1 Geolocation Server | 2023-11-07 | N/A | 7.8 HIGH |
| In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges. | |||||
| CVE-2023-34355 | 1 Intel | 2 Integrated Bmc Video Driver, Server Board M10jnp2sb | 2023-11-07 | N/A | 7.3 HIGH |
| Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-31197 | 1 Intel | 1 Trace Analyzer And Collector | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29151 | 1 Intel | 1 Platform Service Record Software Development Kit | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28823 | 1 Intel | 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more | 2023-11-07 | N/A | 7.3 HIGH |
| Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28405 | 1 Intel | 1 Openvino | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28380 | 1 Intel | 1 Ai Hackathon | 2023-11-07 | N/A | 8.8 HIGH |
| Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-27386 | 1 Intel | 1 Pathfinder For Risc-v | 2023-11-07 | N/A | 7.3 HIGH |
| Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27298 | 1 Intel | 1 Wake Up Latency Tracer | 2023-11-07 | N/A | 8.8 HIGH |
| Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-25944 | 1 Intel | 1 Vcust Tool | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25182 | 1 Intel | 1 Unite | 2023-11-07 | N/A | 7.8 HIGH |
| Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||