Total
707 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44440 | | | 2024-09-18 | N/A | 7.8 HIGH |
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21680. | |||||
CVE-2023-44439 | | | 2024-09-18 | N/A | 7.8 HIGH |
Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21679. | |||||
CVE-2023-44438 | | | 2024-09-18 | N/A | 7.8 HIGH |
Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21678. | |||||
CVE-2023-44437 | | | 2024-09-18 | N/A | 7.8 HIGH |
Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21540. | |||||
CVE-2024-20430 | 1 Cisco | 1 Meraki Systems Manager | 2024-09-18 | N/A | 7.3 HIGH |
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. | |||||
CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | N/A | 7.8 HIGH |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | |||||
CVE-2024-5290 | 2 Canonical, W1.fi | 2 Ubuntu Linux, Wpa Supplicant | 2024-09-17 | N/A | 7.8 HIGH |
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. | |||||
CVE-2024-8766 | | | 2024-09-16 | N/A | 6.7 MEDIUM |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | |||||
CVE-2024-34016 | | | 2024-09-16 | N/A | 6.5 MEDIUM |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | |||||
CVE-2024-34153 | | | 2024-09-16 | N/A | 6.7 MEDIUM |
Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-39613 | | | 2024-09-16 | N/A | 5.3 MEDIUM |
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. | |||||
CVE-2024-8441 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 6.7 MEDIUM |
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | |||||
CVE-2024-29015 | 1 Intel | 2 Oneapi Base Toolkit, Vtune Profiler | 2024-09-12 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-28887 | 1 Intel | 2 Integrated Performance Primitives, Oneapi Base Toolkit | 2024-09-12 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-24977 | 1 Intel | 1 License Manager For Flexim | 2024-09-12 | N/A | 7.8 HIGH |
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-6510 | | | 2024-09-12 | N/A | 7.8 HIGH |
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. | |||||
CVE-2024-23489 | 1 Intel | 1 Virtual Raid On Cpu | 2024-09-12 | N/A | 7.3 HIGH |
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-34019 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | |||||
CVE-2024-34017 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | |||||
CVE-2024-7193 | 1 Florian Heidenreich | 1 Mp3tag | 2024-09-11 | 4.3 MEDIUM | 7.8 HIGH |
A vulnerability has been found in Mp3tag up to 3.26d and classified as problematic. This vulnerability affects unknown code in the library tak_deco_lib.dll of the component DLL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.26e is able to address this issue. It is recommended to upgrade the affected component. VDB-272614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. |