Total
923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2024-11-21 | 8.8 High |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | ||||
| CVE-2022-4956 | 1 Caphyon | 1 Advanced Installer | 2024-11-21 | 7.8 High |
| A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903. | ||||
| CVE-2022-4894 | 2 Hp, Samsung | 2046 1vr14a, 1vr14a Firmware, 209u7a and 2043 more | 2024-11-21 | 7.3 High |
| Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. | ||||
| CVE-2022-47636 | 1 Outsystems | 1 Service Studio | 2024-11-21 | 7.8 High |
| A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user. | ||||
| CVE-2022-43456 | 2 Intel, Intel Rst Software | 2 Rapid Storage Technology, Intel Rst Software | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-40978 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking | ||||
| CVE-2022-39846 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | 6.2 Medium |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | ||||
| CVE-2022-38633 | 1 Genymobile | 1 Genymotion Desktop | 2024-11-21 | 7.8 High |
| Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. | ||||
| CVE-2022-36840 | 1 Samsung | 1 Update | 2024-11-21 | 4.5 Medium |
| DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | ||||
| CVE-2022-36415 | 1 Scootersoftware | 1 Beyond Compare | 2024-11-21 | 7.8 High |
| A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges. | ||||
| CVE-2022-36271 | 1 Outbyte | 1 Pc Repair | 2024-11-21 | 7.8 High |
| Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with same name and can get admin privileges. | ||||
| CVE-2022-34902 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787. | ||||
| CVE-2022-34901 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. | ||||
| CVE-2022-34900 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatcher service. The service loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15213. | ||||
| CVE-2022-34101 | 1 Crestron | 1 Airmedia | 2024-11-21 | 7.8 High |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack. | ||||
| CVE-2022-33037 | 1 Orwell-dev-cpp Project | 1 Orwell-dev-cpp | 2024-11-21 | 7.8 High |
| A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-33036 | 1 Embarcadero | 1 Dev-c\+\+ | 2024-11-21 | 7.8 High |
| A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-33035 | 1 Netsarang | 1 Xlpd | 2024-11-21 | 7.8 High |
| XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||||
| CVE-2022-32498 | 1 Dell | 1 Powerstore Command Line Interface | 2024-11-21 | 5.5 Medium |
| Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. | ||||
| CVE-2022-31467 | 1 Quickheal | 1 Total Security | 2024-11-21 | 7.9 High |
| A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | ||||