Vulnerabilities (CVE)

Filtered by CWE-427
Total 988 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29012 1 Git For Windows Project 1 Git For Windows 2024-11-21 N/A 7.2 HIGH
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.
CVE-2023-29011 1 Git For Windows Project 1 Git For Windows 2024-11-21 N/A 7.5 HIGH
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines.
CVE-2023-28929 2 Microsoft, Trendmicro 13 Windows, Antivirus+ Security 2021, Antivirus+ Security 2022 and 10 more 2024-11-21 N/A 7.8 HIGH
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
CVE-2023-28823 1 Intel 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28740 2 Intel, Microsoft 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28596 1 Zoom 1 Meetings 2024-11-21 N/A 7.8 HIGH
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to root.
CVE-2023-28405 1 Intel 1 Openvino 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28388 1 Intel 1 Chipset Device Software 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-28380 1 Intel 1 Ai Hackathon 2024-11-21 N/A 8.8 HIGH
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-28140 1 Qualys 1 Cloud Agent 2024-11-21 N/A 6.7 MEDIUM
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.
CVE-2023-28080 1 Dell 1 Powerpath 2024-11-21 N/A 6.7 MEDIUM
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contain DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
CVE-2023-27908 1 Autodesk 1 Installer 2024-11-21 N/A 7.8 HIGH
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
CVE-2023-27513 1 Intel 1 Server Information Retrieval Utility 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25944 1 Intel 1 Vcust Tool 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3rd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25182 1 Intel 1 Unite 2024-11-21 N/A 4.2 MEDIUM
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24016 2 Intel, Linux 2 Quartus Prime, Linux Kernel 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for Linux may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-23577 1 Intel 3 Ite Tech Consumer Infrared Driver, Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa 2024-11-21 N/A 6.7 MEDIUM
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22841 1 Intel 2 C621a, Server Firmware Update Utility 2024-11-21 N/A 6.7 MEDIUM
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22818 1 Westerndigital 1 Sandisk Security Installer 2024-11-21 N/A 7.3 HIGH
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or allow the attacker to obtain a certain level of persistence on the compromised host.
CVE-2023-22358 1 F5 2 Big-ip Access Policy Manager, Big-ip Edge 2024-11-21 N/A 7.8 HIGH
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.