Total
976 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2024-11-21 | 6.5 Medium |
| An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | ||||
| CVE-2023-4632 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.8 High |
| An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2023-47454 | 1 Netease | 1 Cloudmusic | 2024-11-21 | 7.8 High |
| An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | ||||
| CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-11-21 | 7.8 High |
| An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | ||||
| CVE-2023-47113 | 2 Bleachbit, Microsoft | 2 Bleachbit, Windows | 2024-11-21 | 7.3 High |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | ||||
| CVE-2023-46814 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2024-11-21 | 7.8 High |
| A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | ||||
| CVE-2023-45252 | 2 Huddly, Microsoft | 2 Huddlycameraservice, Windows | 2024-11-21 | 7.8 High |
| DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. | ||||
| CVE-2023-44220 | 1 Sonicwall | 1 Netextender | 2024-11-21 | 7.3 High |
| SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | ||||
| CVE-2023-43751 | 1 Intel | 1 Graphics Windows Dch Driver Software | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-41790 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 7.6 High |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | ||||
| CVE-2023-41787 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 6 Medium |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. | ||||
| CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2024-11-21 | 7.8 High |
| EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | ||||
| CVE-2023-41091 | 1 Intel | 1 Mpi Library | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-40352 | 1 Mcafee | 1 Safe Connect | 2024-11-21 | 7.2 High |
| McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | ||||
| CVE-2023-40156 | 1 Intel | 1 System Support Utility | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-40155 | 2024-11-21 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-3252 | 1 Tenable | 1 Nessus | 2024-11-21 | 6.8 Medium |
| An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. | ||||
| CVE-2023-3091 | 1 Captura Project | 1 Captura | 2024-11-21 | 7 High |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-3078 | 1 Lenovo | 1 Universal Device Client | 2024-11-21 | 7.8 High |
| An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2023-39932 | 1 Intel | 1 System Usage Report For Gameplay | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privillaged user to potentially enable escalation of privilege via local access. | ||||