Vulnerabilities (CVE)

Filtered by CWE-427
Total 757 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7834 1 Overwolf 1 Overwolf 2024-09-05 N/A 7.8 HIGH
A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.
CVE-2024-23491 1 Intel 2 Distribution For Gdb, Oneapi Base Toolkit 2024-08-31 N/A 7.3 HIGH
Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-7061 1 Okta 1 Verify 2024-08-28 N/A 7.8 HIGH
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.
CVE-2024-37127 1 Dell 1 Peripheral Manager 2024-08-27 N/A 7.8 HIGH
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege
CVE-2024-5929 1 Vipre 1 Advanced Security 2024-08-23 N/A 7.8 HIGH
VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. The issue results from loading a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22316.
CVE-2024-7886 2024-08-19 6.8 MEDIUM 7.8 HIGH
A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue.
CVE-2024-7326 1 Itopvpn 1 Dualsafe Password Manager 2024-08-15 6.8 MEDIUM 7.8 HIGH
A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-21857 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22376 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21766 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-22184 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21769 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28953 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21784 2024-08-14 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37142 1 Dell 1 Peripheral Manager 2024-08-08 N/A 7.8 HIGH
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege
CVE-2024-32857 1 Dell 1 Peripheral Manager 2024-08-08 N/A 7.8 HIGH
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege
CVE-2024-7324 2024-08-01 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The associated identifier of this vulnerability is VDB-273247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.