Total
702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26032 | 1 Intel | 1 Distribution For Python | 2023-04-07 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-28686 | 1 Aveva | 1 Aveva Edge | 2023-04-05 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114. | |||||
| CVE-2022-28688 | 1 Aveva | 1 Aveva Edge | 2023-04-05 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201. | |||||
| CVE-2022-28687 | 1 Aveva | 1 Aveva Edge | 2023-04-05 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257. | |||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2023-04-05 | N/A | 7.8 HIGH |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | |||||
| CVE-2023-28596 | 1 Zoom | 1 Meetings | 2023-04-03 | N/A | 7.8 HIGH |
| Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. | |||||
| CVE-2019-5631 | 1 Rapid7 | 1 Insightappsec | 2023-03-29 | 9.3 HIGH | 7.8 HIGH |
| The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their privileges with this vulnerability to the privilege level of InsightAppSec (usually, SYSTEM). This issue affects version 2019.06.24 and prior versions of the product. | |||||
| CVE-2019-1794 | 1 Cisco | 1 Meeting Server | 2023-03-24 | 3.6 LOW | 5.1 MEDIUM |
| A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources. | |||||
| CVE-2023-24578 | 1 Mcafee | 1 Total Protection | 2023-03-22 | N/A | 5.5 MEDIUM |
| McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks. | |||||
| CVE-2021-31637 | 1 Uwamp Project | 1 Uwamp | 2023-03-22 | N/A | 7.8 HIGH |
| An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL. | |||||
| CVE-2022-38136 | 1 Intel | 1 Oneapi Dpc\+\+\/c\+\+ Compiler | 2023-03-17 | N/A | 7.3 HIGH |
| Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-15 | N/A | 9.8 CRITICAL |
| An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | |||||
| CVE-2023-23554 | 1 Sraoss | 1 Pg Ivm | 2023-03-14 | N/A | 8.8 HIGH |
| Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. | |||||
| CVE-2022-37329 | 1 Intel | 2 Fpga Software Development Kit, Quartus Prime | 2023-03-06 | N/A | 7.3 HIGH |
| Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37340 | 1 Intel | 1 Quickassist Technology | 2023-03-06 | N/A | 7.3 HIGH |
| Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41314 | 1 Intel | 16 Administrative Tools For Intel Network Adapters, Ethernet Controller E810, Ethernet Network Adapter E810-cqda1 and 13 more | 2023-03-06 | N/A | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36398 | 1 Intel | 1 Battery Life Diagnostic Tool | 2023-03-02 | N/A | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-25905 | 1 Intel | 1 Oneapi Data Analytics Library | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26052 | 1 Intel | 1 Mpi Library | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26062 | 1 Intel | 1 Trace Analyzer And Collector | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||