Vulnerabilities (CVE)

Filtered by CWE-427
Total 765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-47195 1 Siemens 2 Modelsim, Questa 2024-10-16 N/A 7.3 HIGH
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory.
CVE-2024-47196 1 Siemens 2 Modelsim, Questa 2024-10-16 N/A 7.3 HIGH
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory.
CVE-2024-33581 2024-10-15 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33580 2024-10-15 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33582 2024-10-15 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33579 2024-10-15 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.
CVE-2024-33578 2024-10-15 N/A 7.8 HIGH
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.
CVE-2024-45246 2024-10-07 N/A 7.3 HIGH
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element
CVE-2024-6510 1 Avg 1 Internet Security 2024-10-02 N/A 7.8 HIGH
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
CVE-2024-34153 1 Intel 1 Raid Web Console 2024-09-23 N/A 7.8 HIGH
Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-39613 1 Mattermost 1 Mattermost Desktop 2024-09-20 N/A 7.8 HIGH
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVE-2024-34016 2024-09-20 N/A 6.5 MEDIUM
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.
CVE-2024-20430 1 Cisco 1 Meraki Systems Manager 2024-09-18 N/A 7.3 HIGH
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.&nbsp; This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges.&nbsp;
CVE-2024-44107 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
CVE-2024-5290 2 Canonical, W1.fi 2 Ubuntu Linux, Wpa Supplicant 2024-09-17 N/A 7.8 HIGH
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
CVE-2024-8441 1 Ivanti 1 Endpoint Manager 2024-09-12 N/A 6.7 MEDIUM
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVE-2024-29015 1 Intel 2 Oneapi Base Toolkit, Vtune Profiler 2024-09-12 N/A 7.8 HIGH
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28887 1 Intel 2 Integrated Performance Primitives, Oneapi Base Toolkit 2024-09-12 N/A 7.8 HIGH
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-24977 1 Intel 1 License Manager For Flexim 2024-09-12 N/A 7.8 HIGH
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23489 1 Intel 1 Virtual Raid On Cpu 2024-09-12 N/A 7.3 HIGH
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.