Total: 702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26076 | 1 Intel | 1 Oneapi Deep Neural Network | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26345 | 1 Intel | 1 Openmp | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26421 | 1 Intel | 1 Oneapi Dpc++/c++ Compiler Runtime | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26425 | 1 Intel | 1 Oneapi Collective Communications Library | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26512 | 1 Intel | 1 Fpga Add-on | 2023-02-28 | N/A | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-32972 | 1 Infoblox | 1 Bloxone Endpoint | 2023-02-25 | N/A | 7.8 HIGH |
| Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | |||||
| CVE-2022-48077 | 1 Genymotion | 1 Genymotion Desktop | 2023-02-21 | N/A | 7.8 HIGH |
| Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | |||||
| CVE-2022-43440 | 1 Tribe29 | 1 Checkmk | 2023-02-16 | N/A | 7.8 HIGH |
| Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable. | |||||
| CVE-2022-41141 | 1 Windscribe | 1 Windscribe | 2023-02-03 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859. | |||||
| CVE-2019-4473 | 1 Ibm | 1 Java | 2023-01-31 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. | |||||
| CVE-2019-6564 | 1 Ge | 1 Ge Communicator | 2023-01-31 | 6.9 MEDIUM | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | |||||
| CVE-2019-6534 | 1 Gemalto | 1 Sentinel Ultrapro Client Library | 2023-01-31 | 6.8 MEDIUM | 7.8 HIGH |
| The uncontrolled search path element vulnerability in Gemalto Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 enables an attacker to load and execute a malicious file. | |||||
| CVE-2020-25502 | 1 Cybereason | 1 Endpoint Detection And Response | 2023-01-30 | N/A | 7.8 HIGH |
| Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2019-4094 | 2 Ibm, Linux | 2 Db2, Linux Kernel | 2023-01-30 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014. | |||||
| CVE-2020-12423 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2023-01-30 | 6.9 MEDIUM | 7.8 HIGH |
| When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | |||||
| CVE-2020-14349 | 2 Opensuse, Postgresql | 2 Leap, Postgresql | 2023-01-24 | 4.6 MEDIUM | 7.1 HIGH |
| It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL commands in the context of the user used for replication. | |||||
| CVE-2023-0247 | 1 Bloom Project | 1 Bloom | 2023-01-20 | N/A | 7.8 HIGH |
| Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1. | |||||
| CVE-2022-36930 | 1 Zoom | 1 Rooms | 2023-01-13 | N/A | 7.8 HIGH |
| Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user. | |||||
| CVE-2022-44939 | 1 Echatserver | 1 Easy Chat Server | 2023-01-12 | N/A | 7.8 HIGH |
| Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | |||||
| CVE-2022-46330 | 1 Squirrel.windows Project | 1 Squirrel.windows | 2023-01-04 | N/A | 7.8 HIGH |
| Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | |||||
