ReportizFlow
Filtered by vendor
Subscriptions
Total
812 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27595 | 2024-12-20 | 7.8 High | ||
| An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later | ||||
| CVE-2023-31348 | 1 Amd | 2 Uprof, Uprof Tool | 2024-12-12 | 7.3 High |
| A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-40596 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-12-10 | 7 High |
| In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. | ||||
| CVE-2024-47576 | 2024-12-10 | 3.3 Low | ||
| SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application. | ||||
| CVE-2024-0670 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2024-12-09 | 8.8 High |
| Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | ||||
| CVE-2024-9852 | 2 Iconics, Mitsubishielectric | 3 Genesis64, Genesis64, Mc Works64 | 2024-12-06 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | ||||
| CVE-2024-8299 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2024-12-06 | 7.8 High |
| Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | ||||
| CVE-2024-30376 | 1 Famatech | 1 Advanced Ip Scanner | 2024-12-05 | N/A |
| Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the application's use of Qt. The application loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. Was ZDI-CAN-20768. | ||||
| CVE-2023-27908 | 1 Autodesk | 1 Installer | 2024-12-05 | 7.8 High |
| A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. | ||||
| CVE-2023-28929 | 3 Microsoft, Trend Micro Inc, Trendmicro | 14 Windows, Trend Micro Security, Antivirus\+ Security 2021 and 11 more | 2024-12-05 | 7.8 High |
| Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. | ||||
| CVE-2023-2005 | 1 Tenable | 3 Nessus, Securitycenter, Tenable.io | 2024-12-03 | 6.3 Medium |
| Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. | ||||
| CVE-2024-7244 | 1 Pandasecurity | 1 Panda Dome | 2024-12-03 | 7.8 High |
| Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VPN process. The process does not restrict DLL search to trusted paths, which can result in the loading of a malicious DLL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23428. | ||||
| CVE-2024-48992 | 1 Needrestart Project | 1 Needrestart | 2024-12-03 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. | ||||
| CVE-2024-48990 | 1 Needrestart Project | 1 Needrestart | 2024-12-03 | 7.8 High |
| Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. | ||||
| CVE-2023-0142 | 1 Synology | 3 Diskstation Manager, Diskstation Manager Unified Controller, Router Manager | 2024-12-03 | 6.5 Medium |
| Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. | ||||
| CVE-2023-31210 | 1 Checkmk | 1 Checkmk | 2024-12-02 | 8.8 High |
| Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries | ||||
| CVE-2024-49592 | 1 Mcafee | 1 Total Protection | 2024-11-27 | 6.7 Medium |
| Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-7253 | 1 Nomachine | 1 Nomachine | 2024-11-26 | 7.8 High |
| NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-24039. | ||||
| CVE-2023-31543 | 1 Pipreqs Project | 1 Pipreqs | 2024-11-26 | 9.8 Critical |
| A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. | ||||
| CVE-2023-47453 | 1 Sohu | 1 Video Player | 2024-11-26 | 7.8 High |
| An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | ||||