ReportizFlow
Filtered by vendor
Subscriptions
Total
932 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34902 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787. | ||||
| CVE-2022-34901 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. | ||||
| CVE-2022-34900 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatcher service. The service loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15213. | ||||
| CVE-2022-34101 | 1 Crestron | 1 Airmedia | 2024-11-21 | 7.8 High |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack. | ||||
| CVE-2022-33037 | 1 Orwell-dev-cpp Project | 1 Orwell-dev-cpp | 2024-11-21 | 7.8 High |
| A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-33036 | 1 Embarcadero | 1 Dev-c\+\+ | 2024-11-21 | 7.8 High |
| A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-33035 | 1 Netsarang | 1 Xlpd | 2024-11-21 | 7.8 High |
| XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||||
| CVE-2022-32498 | 1 Dell | 1 Powerstore Command Line Interface | 2024-11-21 | 5.5 Medium |
| Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. | ||||
| CVE-2022-31467 | 1 Quickheal | 1 Total Security | 2024-11-21 | 7.9 High |
| A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | ||||
| CVE-2022-30744 | 1 Samsung | 1 Kies | 2024-11-21 | 6.2 Medium |
| DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. | ||||
| CVE-2022-30701 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-30697 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | ||||
| CVE-2022-30696 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 7.8 High |
| Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | ||||
| CVE-2022-2313 | 1 Mcafee | 1 Agent | 2024-11-21 | 8.2 High |
| A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. | ||||
| CVE-2022-29187 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Xcode, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 High |
| Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. | ||||
| CVE-2022-29092 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.8 High |
| Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. | ||||
| CVE-2022-28965 | 1 Avast | 1 Premium Security | 2024-11-21 | 6.5 Medium |
| Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. | ||||
| CVE-2022-28792 | 1 Samsung | 1 Gear Iconx Pc Manager | 2024-11-21 | 6.2 Medium |
| DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. | ||||
| CVE-2022-28779 | 1 Samsung | 1 Android Usb Driver Windows Installer | 2024-11-21 | 5.3 Medium |
| Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. | ||||
| CVE-2022-28714 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-11-21 | 7.3 High |
| On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||