Total
976 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48091 | 2025-02-10 | 7.8 High | ||
| Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | ||||
| CVE-2022-30548 | 1 Intel | 1 Glorp | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27638 | 1 Intel | 1 Advanced Link Analyzer | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27187 | 1 Intel | 1 Quartus Prime | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-26086 | 1 Intel | 1 Gametechdev Presentmon | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22184 | 1 Intel | 2 Quartus Prime, Quartus Prime Pro | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38383 | 2 Intel, Microsoft | 3 Quartus Prime, Quartus Prime Pro, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38668 | 2 Intel, Microsoft | 3 Quartus Prime, Quartus Prime Standard Edition Design Software, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36253 | 2 Intel, Microsoft | 3 Sdp Software, Server Debug And Provisioning Tool, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36380 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-29011 | 1 Git For Windows Project | 1 Git For Windows | 2025-02-03 | 7.6 High |
| Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines. | ||||
| CVE-2023-29012 | 1 Git For Windows Project | 1 Git For Windows | 2025-02-03 | 7.3 High |
| Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. | ||||
| CVE-2024-22450 | 1 Dell | 1 Alienware Command Center | 2025-01-31 | 7.4 High |
| Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. | ||||
| CVE-2023-39254 | 1 Dell | 1 Update Package Framework | 2025-01-31 | 6.7 Medium |
| Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | ||||
| CVE-2023-2355 | 1 Acronis | 1 Snap Deploy | 2025-01-30 | 7.8 High |
| Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | ||||
| CVE-2023-30237 | 1 Cyberghostvpn | 1 Cyberghost | 2025-01-29 | 7.8 High |
| CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. | ||||
| CVE-2022-26028 | 1 Intel | 1 Vtune Profiler | 2025-01-29 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33064 | 1 Intel | 1 System Studio | 2025-01-29 | 6.7 Medium |
| Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21814 | 1 Intel | 1 Chipset Device Software | 2025-01-28 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21837 | 1 Intel | 1 Quartus Prime | 2025-01-28 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||