Total
757 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-45248 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-11-21 | N/A | 7.3 HIGH |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391. | |||||
CVE-2023-44440 | 2024-11-21 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21680. | |||||
CVE-2023-44439 | 2024-11-21 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21679. | |||||
CVE-2023-44438 | 2024-11-21 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21678. | |||||
CVE-2023-44437 | 2024-11-21 | N/A | 7.8 HIGH | ||
Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21540. | |||||
CVE-2023-44220 | 1 Sonicwall | 1 Netextender | 2024-11-21 | N/A | 7.3 HIGH |
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | |||||
CVE-2023-43751 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-43064 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.0 HIGH |
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. | |||||
CVE-2023-41961 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-41929 | 1 Samsung | 1 Memory Card \& Ufd Authentication | 2024-11-21 | N/A | 7.3 HIGH |
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) | |||||
CVE-2023-41790 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 7.6 HIGH |
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | |||||
CVE-2023-41787 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 6.0 MEDIUM |
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. | |||||
CVE-2023-41782 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-11-21 | N/A | 3.9 LOW |
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | |||||
CVE-2023-41780 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-11-21 | N/A | 6.4 MEDIUM |
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | |||||
CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2024-11-21 | N/A | 7.8 HIGH |
EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
CVE-2023-41117 | 1 Enterprisedb | 1 Postgres Advanced Server | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | |||||
CVE-2023-40596 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | N/A | 7.0 HIGH |
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. | |||||
CVE-2023-40352 | 1 Mcafee | 1 Safe Connect | 2024-11-21 | N/A | 7.2 HIGH |
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | |||||
CVE-2023-40155 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-3662 | 1 Codesys | 1 Development System | 2024-11-21 | N/A | 7.3 HIGH |
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context . |