Vulnerabilities (CVE)

Filtered by CWE-427
Total 757 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45248 2 Acronis, Microsoft 2 Agent, Windows 2024-11-21 N/A 7.3 HIGH
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
CVE-2023-44440 2024-11-21 N/A 7.8 HIGH
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21680.
CVE-2023-44439 2024-11-21 N/A 7.8 HIGH
Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21679.
CVE-2023-44438 2024-11-21 N/A 7.8 HIGH
Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21678.
CVE-2023-44437 2024-11-21 N/A 7.8 HIGH
Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21540.
CVE-2023-44220 1 Sonicwall 1 Netextender 2024-11-21 N/A 7.3 HIGH
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
CVE-2023-43751 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43064 1 Ibm 1 I 2024-11-21 N/A 7.0 HIGH
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.
CVE-2023-41961 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41929 1 Samsung 1 Memory Card \& Ufd Authentication 2024-11-21 N/A 7.3 HIGH
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)
CVE-2023-41790 1 Artica 1 Pandora Fms 2024-11-21 N/A 7.6 HIGH
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-41787 1 Artica 1 Pandora Fms 2024-11-21 N/A 6.0 MEDIUM
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772.
CVE-2023-41782 1 Zte 2 Zxcloud Irai, Zxcloud Irai Firmware 2024-11-21 N/A 3.9 LOW
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.
CVE-2023-41780 1 Zte 2 Zxcloud Irai, Zxcloud Irai Firmware 2024-11-21 N/A 6.4 MEDIUM
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the  program  failed to adequately validate the user's input, an attacker could exploit this vulnerability  to escalate local privileges.
CVE-2023-41613 2 Ezviz, Microsoft 2 Ezviz Studio, Windows 2024-11-21 N/A 7.8 HIGH
EzViz Studio v2.2.0 is vulnerable to DLL hijacking.
CVE-2023-41117 1 Enterprisedb 1 Postgres Advanced Server 2024-11-21 N/A 8.8 HIGH
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
CVE-2023-40596 2 Microsoft, Splunk 2 Windows, Splunk 2024-11-21 N/A 7.0 HIGH
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
CVE-2023-40352 1 Mcafee 1 Safe Connect 2024-11-21 N/A 7.2 HIGH
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
CVE-2023-40155 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-3662 1 Codesys 1 Development System 2024-11-21 N/A 7.3 HIGH
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .