ReportizFlow
Filtered by vendor
Subscriptions
Total
812 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25944 | 1 Intel | 1 Vcust Tool | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-25779 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-25428 | 1 Soft-o | 1 Free Password Manager | 2024-11-21 | 7.8 High |
| A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. | ||||
| CVE-2023-25182 | 1 Intel | 1 Unite | 2024-11-21 | 4.2 Medium |
| Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-25147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 6.7 Medium |
| An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | ||||
| CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 9.8 Critical |
| An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | ||||
| CVE-2023-25005 | 1 Autodesk | 1 Infraworks | 2024-11-21 | 7.8 High |
| A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. | ||||
| CVE-2023-24591 | 1 Intel | 1 Binary Configuration Tool | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-24578 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 5.5 Medium |
| McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. | ||||
| CVE-2023-24016 | 2 Intel, Linux | 2 Quartus Prime, Linux Kernel | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-23577 | 2 Intel, Ite Tech Consumer Infared Drivers For Intel Nuc | 4 Ite Tech Consumer Infrared Driver, Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa and 1 more | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-23554 | 1 Sraoss | 1 Pg Ivm | 2024-11-21 | 8.8 High |
| Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. | ||||
| CVE-2023-22947 | 2 Microsoft, Shibboleth | 2 Windows, Service Provider | 2024-11-21 | 7.3 High |
| Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake." | ||||
| CVE-2023-22841 | 2 Intel, System Firmware Update Utility For Some Intel Server Boards And Intel Server Systems Based On Intel 621a Chipset | 3 C621a, Server Firmware Update Utility, System Firmware Update Utility For Some Intel Server Boards And Intel Server Systems Based On Intel 621a Chipset | 2024-11-21 | 6.7 Medium |
| Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22818 | 1 Westerndigital | 1 Sandisk Security Installer | 2024-11-21 | 7.3 High |
| Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. | ||||
| CVE-2023-22358 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Edge | 2024-11-21 | 7.8 High |
| In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-22355 | 1 Intel | 29 Advisor, Cpu Runtime, Distribution For Python and 26 more | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-22283 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Edge | 2024-11-21 | 6.5 Medium |
| On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-1745 | 1 Pandora | 1 Kmplayer | 2024-11-21 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability. | ||||
| CVE-2023-0976 | 2 Apple, Trellix | 2 Macos, Agent | 2024-11-21 | 6.3 Medium |
| A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. | ||||