Total
620 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34350 | 1 Intel | 1 Extreme Tuning Utility | 2023-12-10 | N/A | 7.8 HIGH |
Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-29161 | 1 Intel | 1 One Boot Flash Update | 2023-12-10 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-34430 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-12-10 | N/A | 7.8 HIGH |
Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-32660 | 1 Intel | 2 Nuc Kit Nuc6i7kyk, Thunderbolt 3 Controller Firmware | 2023-12-10 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2023-12-10 | N/A | 7.8 HIGH |
An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | |||||
CVE-2023-33874 | 1 Intel | 7 Hid Event Filter Driver, Nuc 12 Pro Board Nuc12wsbv5, Nuc 12 Pro Board Nuc12wsbv7 and 4 more | 2023-12-10 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-41544 | 1 Siemens | 1 Software Center | 2023-12-10 | N/A | 7.8 HIGH |
A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | |||||
CVE-2022-47636 | 1 Outsystems | 1 Service Studio | 2023-12-10 | N/A | 7.8 HIGH |
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user. | |||||
CVE-2023-23577 | 1 Intel | 3 Ite Tech Consumer Infrared Driver, Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa | 2023-12-10 | N/A | 7.3 HIGH |
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-36344 | 1 Dieboldnixdorf | 1 Vynamic View | 2023-12-10 | N/A | 7.8 HIGH |
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. | |||||
CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2023-12-10 | N/A | 7.8 HIGH |
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | |||||
CVE-2023-34355 | 1 Intel | 2 Integrated Bmc Video Driver, Server Board M10jnp2sb | 2023-12-10 | N/A | 7.3 HIGH |
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-3078 | 1 Lenovo | 1 Universal Device Client | 2023-12-10 | N/A | 7.8 HIGH |
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | |||||
CVE-2023-22841 | 1 Intel | 2 C621a, Server Firmware Update Utility | 2023-12-10 | N/A | 7.3 HIGH |
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-37849 | 1 Watchguard | 1 Panda Security Vpn | 2023-12-10 | N/A | 6.5 MEDIUM |
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. | |||||
CVE-2023-28380 | 1 Intel | 1 Ai Hackathon | 2023-12-10 | N/A | 8.8 HIGH |
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2023-28405 | 1 Intel | 1 Openvino | 2023-12-10 | N/A | 7.8 HIGH |
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-28823 | 1 Intel | 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more | 2023-12-10 | N/A | 7.3 HIGH |
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-39374 | 1 Forescout | 1 Secureconnector | 2023-12-10 | N/A | 7.8 HIGH |
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element | |||||
CVE-2023-4936 | 1 Synaptics | 1 Displaylink Usb Graphics | 2023-12-10 | N/A | 7.8 HIGH |
It is possible to sideload a compromised DLL during the installation at elevated privilege. |