ReportizFlow
Filtered by vendor
Subscriptions
Total
1142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28596 | 1 Zoom | 1 Meetings | 2025-02-19 | 7.8 High |
| Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. | ||||
| CVE-2022-48225 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 7.3 High |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location. | ||||
| CVE-2022-48224 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 7.3 High |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). | ||||
| CVE-2022-48223 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 6.7 Medium |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory. | ||||
| CVE-2022-48222 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 7.8 High |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). | ||||
| CVE-2022-28688 | 1 Aveva | 1 Aveva Edge | 2025-02-18 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201. | ||||
| CVE-2022-28687 | 1 Aveva | 1 Aveva Edge | 2025-02-18 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257. | ||||
| CVE-2022-28686 | 1 Aveva | 1 Aveva Edge | 2025-02-18 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114. | ||||
| CVE-2024-0670 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-02-13 | 8.8 High |
| Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | ||||
| CVE-2022-43703 | 1 Arm | 2 Arm Development Studio, Ds Development Studio | 2025-02-13 | 7.8 High |
| An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | ||||
| CVE-2018-1890 | 1 Ibm | 1 Sdk | 2025-02-13 | N/A |
| IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. | ||||
| CVE-2022-38745 | 2 Apache, Redhat | 2 Openoffice, Enterprise Linux | 2025-02-13 | 7.8 High |
| Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. | ||||
| CVE-2022-30548 | 1 Intel | 1 Glorp | 2025-02-06 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27638 | 1 Intel | 1 Advanced Link Analyzer | 2025-02-06 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27187 | 1 Intel | 1 Quartus Prime | 2025-02-06 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-26086 | 1 Intel | 1 Gametechdev Presentmon | 2025-02-06 | 6.7 Medium |
| Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22184 | 1 Intel | 2 Quartus Prime, Quartus Prime Pro | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38383 | 2 Intel, Microsoft | 3 Quartus Prime, Quartus Prime Pro, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38668 | 2 Intel, Microsoft | 3 Quartus Prime, Quartus Prime Standard Edition Design Software, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36253 | 2 Intel, Microsoft | 3 Sdp Software, Server Debug And Provisioning Tool, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||