Vulnerabilities (CVE)

Filtered by CWE-427
Total 755 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28369 1 Beyondtrust 1 Privilege Management For Windows 2024-02-28 N/A 7.8 HIGH
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.
CVE-2023-43064 1 Ibm 1 I 2024-02-28 N/A 7.8 HIGH
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.
CVE-2023-6061 1 Iconics 1 Iconics Suite 2024-02-28 N/A 7.8 HIGH
Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll
CVE-2023-47453 1 Sohu 1 Video Player 2024-02-28 N/A 7.8 HIGH
An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory.
CVE-2023-29445 1 Ptc 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server 2024-02-28 N/A 7.8 HIGH
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
CVE-2023-29504 1 Intel 1 Realsense D400 Series Dynamic Calibration Tool 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-29161 1 Intel 1 One Boot Flash Update 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32660 1 Intel 2 Nuc Kit Nuc6i7kyk, Thunderbolt 3 Controller Firmware 2024-02-28 N/A 7.3 HIGH
Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-27513 1 Intel 1 Server Information Retrieval Utility 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34430 1 Intel 1 Battery Life Diagnostic Tool 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-48861 2 Baidu, Microsoft 2 Ttplayer, Windows 2024-02-28 N/A 7.8 HIGH
DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.
CVE-2023-41787 1 Artica 1 Pandora Fms 2024-02-28 N/A 7.5 HIGH
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772.
CVE-2023-28388 1 Intel 1 Chipset Device Software 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-32272 1 Intel 1 Nuc Pro Software Suite 2024-02-28 N/A 5.5 MEDIUM
Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-23940 2 Microsoft, Trendmicro 6 Windows, Air Support, Antivirus \+ Security and 3 more 2024-02-28 N/A 7.8 HIGH
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.
CVE-2023-41613 2 Ezviz, Microsoft 2 Ezviz Studio, Windows 2024-02-28 N/A 7.8 HIGH
EzViz Studio v2.2.0 is vulnerable to DLL hijacking.
CVE-2023-29444 1 Ptc 3 Kepware Kepserverex, Thingworx Industrial Connectivity, Thingworx Kepware Server 2024-02-28 N/A 7.3 HIGH
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.
CVE-2023-41790 1 Artica 1 Pandora Fms 2024-02-28 N/A 9.8 CRITICAL
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773.
CVE-2023-4931 1 Plesk 1 Plesk 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
CVE-2023-48677 2 Acronis, Microsoft 2 Cyber Protect Home Office, Windows 2024-02-28 N/A 7.8 HIGH
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901.