Vulnerabilities (CVE)

Filtered by CWE-427
Total 757 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28380 1 Intel 1 Ai Hackathon 2024-11-21 N/A 8.8 HIGH
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-28140 1 Qualys 1 Cloud Agent 2024-11-21 N/A 6.7 MEDIUM
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is limited to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.
CVE-2023-28080 1 Dell 1 Powerpath 2024-11-21 N/A 6.7 MEDIUM
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
CVE-2023-27908 1 Autodesk 1 Installer 2024-11-21 N/A 7.8 HIGH
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
CVE-2023-27513 1 Intel 1 Server Information Retrieval Utility 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27362 2024-11-21 N/A 7.0 HIGH
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026.
CVE-2023-25944 1 Intel 1 Vcust Tool 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3rd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25428 1 Soft-o 1 Free Password Manager 2024-11-21 N/A 7.8 HIGH
A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.
CVE-2023-25182 1 Intel 1 Unite 2024-11-21 N/A 4.2 MEDIUM
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25147 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 N/A 6.7 MEDIUM
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
CVE-2023-25143 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 N/A 9.8 CRITICAL
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.
CVE-2023-25005 1 Autodesk 1 Infraworks 2024-11-21 N/A 7.8 HIGH
A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023 and 2021 when parsing the DLL files, which could lead to a resource injection vulnerability.
CVE-2023-24578 1 Mcafee 1 Total Protection 2024-11-21 N/A 5.5 MEDIUM
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks.
CVE-2023-24016 2 Intel, Linux 2 Quartus Prime, Linux Kernel 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for Linux may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-23577 1 Intel 3 Ite Tech Consumer Infrared Driver, Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-23554 1 Sraoss 1 Pg Ivm 2024-11-21 N/A 8.8 HIGH
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.
CVE-2023-22947 2 Microsoft, Shibboleth 2 Windows, Service Provider 2024-11-21 N/A 7.3 HIGH
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
CVE-2023-22841 1 Intel 2 C621a, Server Firmware Update Utility 2024-11-21 N/A 6.7 MEDIUM
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22818 1 Westerndigital 1 Sandisk Security Installer 2024-11-21 N/A 7.3 HIGH
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application, or allow an attacker to obtain a certain level of persistence on the compromised host.
CVE-2023-22358 1 F5 2 Big-ip Access Policy Manager, Big-ip Edge 2024-11-21 N/A 7.8 HIGH
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.