Total
819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22184 | 1 Intel | 1 Quartus Prime | 2025-02-04 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-38383 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2025-02-04 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-38668 | 2 Intel, Microsoft | 2 Quartus Prime, Windows | 2025-02-04 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36253 | 2 Intel, Microsoft | 2 Server Debug And Provisioning Tool, Windows | 2025-02-04 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-22450 | 1 Dell | 1 Alienware Command Center | 2025-01-31 | N/A | 7.4 HIGH |
| Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. | |||||
| CVE-2023-39254 | 1 Dell | 1 Update Package Framework | 2025-01-31 | N/A | 6.7 MEDIUM |
| Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | |||||
| CVE-2024-2658 | 2025-01-30 | N/A | N/A | ||
| A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. | |||||
| CVE-2023-30237 | 1 Cyberghostvpn | 1 Cyberghost | 2025-01-29 | N/A | 7.8 HIGH |
| CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. | |||||
| CVE-2024-21814 | 1 Intel | 1 Chipset Device Software | 2025-01-28 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21837 | 1 Intel | 1 Quartus Prime | 2025-01-28 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21777 | 1 Intel | 1 Quartus Prime | 2025-01-28 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-21862 | 1 Intel | 1 Quartus Prime | 2025-01-28 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-45743 | 1 Intel | 1 Driver \& Support Assistant | 2025-01-28 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25005 | 1 Autodesk | 1 Infraworks | 2025-01-27 | N/A | 7.8 HIGH |
| A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. | |||||
| CVE-2024-53588 | 2025-01-24 | N/A | 7.8 HIGH | ||
| A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6. | |||||
| CVE-2023-25428 | 1 Soft-o | 1 Free Password Manager | 2025-01-24 | N/A | 7.8 HIGH |
| A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. | |||||
| CVE-2024-9497 | 2025-01-24 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-9495 | 2025-01-24 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-9494 | 2025-01-24 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||
| CVE-2024-9493 | 2025-01-24 | N/A | 8.6 HIGH | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |||||