Total
498 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1824 | 1 Mcafee | 1 Consumer Product Removal Tool | 2022-06-28 | 4.4 MEDIUM | 8.2 HIGH |
An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee. | |||||
CVE-2022-22788 | 1 Zoom | 2 Meetings, Rooms | 2022-06-27 | 6.9 MEDIUM | 7.8 HIGH |
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host. | |||||
CVE-2017-20051 | 1 Jrsoftware | 1 Inno Setup | 2022-06-27 | 4.4 MEDIUM | 7.8 HIGH |
A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2022-06-21 | 6.9 MEDIUM | 7.8 HIGH |
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | |||||
CVE-2022-29092 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2022-06-17 | 7.2 HIGH | 7.8 HIGH |
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. | |||||
CVE-2017-20018 | 1 Apachefriends | 1 Xampp | 2022-06-17 | 4.4 MEDIUM | 7.8 HIGH |
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. | |||||
CVE-2022-30744 | 1 Samsung | 1 Kies | 2022-06-13 | 4.4 MEDIUM | 7.8 HIGH |
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. | |||||
CVE-2022-30701 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-06-08 | 7.2 HIGH | 7.8 HIGH |
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-28394 | 1 Trendmicro | 1 Password Manager | 2022-06-08 | 6.9 MEDIUM | 7.8 HIGH |
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). | |||||
CVE-2021-40161 | 1 Autodesk | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2022-06-04 | 4.4 MEDIUM | 7.8 HIGH |
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | |||||
CVE-2022-31467 | 1 Quickheal | 1 Total Security | 2022-06-02 | 4.4 MEDIUM | 7.3 HIGH |
A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | |||||
CVE-2022-30696 | 1 Acronis | 1 Snap Deploy | 2022-05-24 | 4.4 MEDIUM | 7.8 HIGH |
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||||
CVE-2022-22139 | 1 Intel | 1 Extreme Tuning Utility | 2022-05-23 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-24426 | 1 Dell | 3 Alienware Update, Command Update, Update | 2022-05-23 | 7.2 HIGH | 7.8 HIGH |
Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | |||||
CVE-2022-0025 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2022-05-23 | 7.2 HIGH | 6.7 MEDIUM |
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts: All versions of the Cortex XDR agent when upgrading to Cortex XDR agent 7.7.0 on Windows; Cortex XDR agent 7.7.0 without content update 500 or a later version on Windows. This issue does not impact other platforms or other versions of the Cortex XDR agent. | |||||
CVE-2021-28955 | 1 Git-bug Project | 1 Git-bug | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). | |||||
CVE-2022-28247 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-05-19 | 4.4 MEDIUM | 7.3 HIGH |
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges. | |||||
CVE-2021-34606 | 1 Xinje | 1 Xd\/e Series Plc Program Tool | 2022-05-19 | 6.9 MEDIUM | 7.3 HIGH |
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account. | |||||
CVE-2021-42743 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2022-05-17 | 4.6 MEDIUM | 7.8 HIGH |
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. | |||||
CVE-2019-4588 | 2 Ibm, Microsoft | 2 Db2, Windows | 2022-05-13 | 4.4 MEDIUM | 7.8 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. |