Total
755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28369 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-02-28 | N/A | 7.8 HIGH |
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. | |||||
CVE-2023-43064 | 1 Ibm | 1 I | 2024-02-28 | N/A | 7.8 HIGH |
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689. | |||||
CVE-2023-6061 | 1 Iconics | 1 Iconics Suite | 2024-02-28 | N/A | 7.8 HIGH |
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll | |||||
CVE-2023-47453 | 1 Sohu | 1 Video Player | 2024-02-28 | N/A | 7.8 HIGH |
An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | |||||
CVE-2023-29445 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-02-28 | N/A | 7.8 HIGH |
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | |||||
CVE-2023-29504 | 1 Intel | 1 Realsense D400 Series Dynamic Calibration Tool | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-29161 | 1 Intel | 1 One Boot Flash Update | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32660 | 1 Intel | 2 Nuc Kit Nuc6i7kyk, Thunderbolt 3 Controller Firmware | 2024-02-28 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-27513 | 1 Intel | 1 Server Information Retrieval Utility | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-34430 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-48861 | 2 Baidu, Microsoft | 2 Ttplayer, Windows | 2024-02-28 | N/A | 7.8 HIGH |
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | |||||
CVE-2023-41787 | 1 Artica | 1 Pandora Fms | 2024-02-28 | N/A | 7.5 HIGH |
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. | |||||
CVE-2023-28388 | 1 Intel | 1 Chipset Device Software | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32272 | 1 Intel | 1 Nuc Pro Software Suite | 2024-02-28 | N/A | 5.5 MEDIUM |
Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2024-23940 | 2 Microsoft, Trendmicro | 6 Windows, Air Support, Antivirus \+ Security and 3 more | 2024-02-28 | N/A | 7.8 HIGH |
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. | |||||
CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2024-02-28 | N/A | 7.8 HIGH |
EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
CVE-2023-29444 | 1 Ptc | 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server | 2024-02-28 | N/A | 7.3 HIGH |
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution. | |||||
CVE-2023-41790 | 1 Artica | 1 Pandora Fms | 2024-02-28 | N/A | 9.8 CRITICAL |
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | |||||
CVE-2023-4931 | 1 Plesk | 1 Plesk | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. | |||||
CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-02-28 | N/A | 7.8 HIGH |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. |