Total
832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39820 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2024-39708 | 2024-11-21 | N/A | 7.0 HIGH | ||
| An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file. | |||||
| CVE-2024-38330 | 1 Ibm | 1 I | 2024-11-21 | N/A | 7.0 HIGH |
| IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. | |||||
| CVE-2024-34116 | 1 Adobe | 1 Creative Cloud Desktop Application | 2024-11-21 | N/A | 7.1 HIGH |
| Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-33672 | 2024-11-21 | N/A | 7.7 HIGH | ||
| An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. | |||||
| CVE-2024-29734 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | |||||
| CVE-2024-28131 | 2024-11-21 | N/A | 7.8 HIGH | ||
| EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41. | |||||
| CVE-2024-28099 | 2024-11-21 | N/A | 7.8 HIGH | ||
| VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | |||||
| CVE-2024-25050 | 2024-11-21 | N/A | 8.4 HIGH | ||
| IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242. | |||||
| CVE-2024-23940 | 2 Microsoft, Trendmicro | 6 Windows, Air Support, Antivirus \+ Security and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. | |||||
| CVE-2024-23054 | 1 Plone | 1 Plone Docker Official Image | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | |||||
| CVE-2024-22379 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-22346 | 1 Ibm | 1 I | 2024-11-21 | N/A | 8.4 HIGH |
| Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. | |||||
| CVE-2024-21843 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21841 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21831 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21818 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21774 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21772 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-1595 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | |||||