Vulnerabilities (CVE)

Filtered by CWE-426
Total 492 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-49043 1 Microsoft 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more 2024-11-15 N/A 7.8 HIGH
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVE-2024-36507 1 Fortinet 1 Forticlient 2024-11-14 N/A 7.8 HIGH
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.
CVE-2024-49515 1 Adobe 1 Substance 3d Painter 2024-11-13 N/A 7.8 HIGH
Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47906 2024-11-13 N/A 7.8 HIGH
Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.
CVE-2024-7995 2024-11-06 N/A 7.8 HIGH
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.
CVE-2024-9325 1 Intelbras 1 Incontrol Web 2024-11-04 6.8 MEDIUM 7.8 HIGH
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
CVE-2024-6080 1 Intelbras 1 Incontrol 2024-11-04 6.8 MEDIUM 7.8 HIGH
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.
CVE-2024-43616 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2024-10-21 N/A 7.8 HIGH
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-47422 2 Adobe, Microsoft 2 Framemaker, Windows 2024-10-18 N/A 7.8 HIGH
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction.
CVE-2023-32266 2024-10-18 N/A N/A
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.   This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1.
CVE-2024-43576 1 Microsoft 2 365 Apps, Office Long Term Servicing Channel 2024-10-16 N/A 7.8 HIGH
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-8733 2024-10-04 N/A 8.0 HIGH
A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.
CVE-2024-6769 2024-09-30 N/A 6.7 MEDIUM
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.
CVE-2024-25103 2024-09-23 N/A 6.3 MEDIUM
This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
CVE-2023-36538 1 Zoom 1 Rooms 2024-09-20 N/A 7.8 HIGH
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2023-34119 1 Zoom 1 Rooms 2024-09-19 N/A 7.8 HIGH
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVE-2024-44103 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-5622 1 Br-automation 1 Industrial Automation Aprol 2024-09-13 N/A 7.8 HIGH
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
CVE-2024-5623 1 Br-automation 1 Industrial Automation Aprol 2024-09-13 N/A 7.8 HIGH
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
CVE-2024-45281 2024-09-10 N/A 5.8 MEDIUM
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.