Vulnerabilities (CVE)

Filtered by CWE-427
Total 757 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44939 1 Echatserver 1 Easy Chat Server 2024-11-21 N/A 7.8 HIGH
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
CVE-2022-44744 1 Acronis 1 Cyber Protect Home Office 2024-11-21 N/A 7.3 HIGH
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVE-2022-43751 1 Mcafee 1 Total Protection 2024-11-21 N/A 7.8 HIGH
McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges.
CVE-2022-43722 1 Siemens 1 Sicam Pas\/pqs 2024-11-21 N/A 7.8 HIGH
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
CVE-2022-43703 1 Arm 2 Arm Development Studio, Ds Development Studio 2024-11-21 N/A 7.8 HIGH
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.
CVE-2022-43440 1 Checkmk 1 Checkmk 2024-11-21 N/A 8.8 HIGH
Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable
CVE-2022-43310 1 Foxitsoftware 1 Foxit Reader 2024-11-21 N/A 7.8 HIGH
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.
CVE-2022-42945 1 Autodesk 1 Dwg Trueview 2024-11-21 N/A 7.8 HIGH
DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.
CVE-2022-41998 1 Intel 1 Data Center Manager 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41982 1 Intel 1 Vtune Profiler 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41796 1 Sony 1 Content Transfer 2024-11-21 N/A 7.8 HIGH
Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2022-41628 2 Intel, Microsoft 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41314 1 Intel 16 Administrative Tools For Intel Network Adapters, Ethernet Controller E810, Ethernet Network Adapter E810-cqda1 and 13 more 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41141 1 Windscribe 1 Windscribe 2024-11-21 N/A 7.8 HIGH
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859.
CVE-2022-40978 1 Jetbrains 1 Intellij Idea 2024-11-21 N/A 7.5 HIGH
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
CVE-2022-40746 2 Ibm, Microsoft 2 I Access Client Solutions, Windows 2024-11-21 N/A 7.2 HIGH
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
CVE-2022-3859 1 Trellix 1 Agent 2024-11-21 N/A 6.7 MEDIUM
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
CVE-2022-39846 1 Samsung 1 Smart Switch Pc 2024-11-21 N/A 6.2 MEDIUM
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
CVE-2022-39286 3 Debian, Fedoraproject, Jupyter 3 Debian Linux, Fedora, Jupyter Core 2024-11-21 N/A 8.8 HIGH
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
CVE-2022-38745 1 Apache 1 Openoffice 2024-11-21 N/A 7.8 HIGH
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.