Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-427
Total 498 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-36924 1 Zoom 1 Rooms 2022-11-21 N/A 7.8 HIGH
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
CVE-2022-26086 1 Intel 1 Gametechdev Presentmon 2022-11-17 N/A 7.3 HIGH
Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-26028 1 Intel 1 Vtune Profiler 2022-11-17 N/A 7.3 HIGH
Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-30548 1 Intel 1 Glorp 2022-11-17 N/A 7.8 HIGH
Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-27638 1 Intel 1 Advanced Link Analyzer 2022-11-17 N/A 7.8 HIGH
Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36380 1 Intel 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more 2022-11-16 N/A 7.3 HIGH
Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-27187 1 Intel 1 Quartus Prime 2022-11-15 N/A 7.8 HIGH
Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-33064 1 Intel 1 System Studio 2022-11-15 N/A 7.8 HIGH
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-43310 1 Foxitsoftware 1 Foxit Reader 2022-11-15 N/A 7.8 HIGH
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.
CVE-2022-34825 1 Nec 2 Expresscluster X, Expresscluster X Singleserversafe 2022-11-09 N/A 9.8 CRITICAL
Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
CVE-2019-3881 1 Bundler 1 Bundler 2022-11-08 4.4 MEDIUM 7.8 HIGH
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
CVE-2022-44744 1 Acronis 1 Cyber Protect Home Office 2022-11-08 N/A 7.3 HIGH
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVE-2017-20052 1 Python 1 Python 2022-11-04 4.4 MEDIUM 7.8 HIGH
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-36840 1 Samsung 1 Update 2022-10-27 N/A 7.8 HIGH
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
CVE-2021-37617 1 Nextcloud 1 Desktop 2022-10-25 4.4 MEDIUM 7.3 HIGH
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.
CVE-2020-25238 1 Siemens 2 Simatic Process Control System Neo, Totally Integrated Automation Portal 2022-10-21 7.2 HIGH 7.8 HIGH
A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.
CVE-2022-33921 1 Dell 1 Geodrive 2022-10-14 N/A 7.8 HIGH
Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.
CVE-2022-32168 1 Notepad-plus-plus 1 Notepad\+\+ 2022-09-29 N/A 7.8 HIGH
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
CVE-2022-40978 1 Jetbrains 1 Intellij Idea 2022-09-21 N/A 7.8 HIGH
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
CVE-2022-39846 1 Samsung 1 Smart Switch Pc 2022-09-21 N/A 7.8 HIGH
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.