Total
935 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29734 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | |||||
| CVE-2024-28131 | 2024-11-21 | N/A | 7.8 HIGH | ||
| EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41. | |||||
| CVE-2024-23054 | 1 Plone | 1 Plone Docker Official Image | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | |||||
| CVE-2024-22379 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-22346 | 1 Ibm | 1 I | 2024-11-21 | N/A | 8.4 HIGH |
| Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203. | |||||
| CVE-2024-21843 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21841 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21818 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21774 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-1595 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. | |||||
| CVE-2024-1182 | 2024-11-21 | N/A | 7.0 HIGH | ||
| Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64 and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature. | |||||
| CVE-2023-6891 | 1 Peazip | 1 Peazip | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release. | |||||
| CVE-2023-6401 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2024-11-21 | N/A | 7.8 HIGH |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | |||||
| CVE-2023-6132 | 2024-11-21 | N/A | 7.3 HIGH | ||
| The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. | |||||
| CVE-2023-5463 | 1 Xinje | 1 Xdppro | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51710 | 2024-11-21 | N/A | 4.2 MEDIUM | ||
| EMS SQL Manager 3.6.2 (build 55333) for Oracle allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | |||||
| CVE-2023-4936 | 1 Synaptics | 1 Displaylink Usb Graphics | 2024-11-21 | N/A | 5.5 MEDIUM |
| It is possible to sideload a compromised DLL during the installation at elevated privilege. | |||||
| CVE-2023-4931 | 1 Plesk | 1 Plesk | 2024-11-21 | N/A | 6.3 MEDIUM |
| Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. | |||||
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | |||||