CVE & Exploit Intelligence Database

CVE-2024-34164 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-34028 6.7 MEDIUM EPSS 0.00

Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-31407 6.7 MEDIUM EPSS 0.00

Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-28952 6.7 MEDIUM EPSS 0.00

Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-28950 6.7 MEDIUM EPSS 0.00

Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-28881 6.7 MEDIUM EPSS 0.00

Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-26017 6.7 MEDIUM EPSS 0.00

Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-23312 6.7 MEDIUM EPSS 0.00

Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Nov 13, 2024

CVE-2024-2208 8.8 HIGH EPSS 0.00

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.

CWE-427 Nov 12, 2024

CVE-2024-2207 6.0 MEDIUM EPSS 0.00

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.

CWE-427 Nov 12, 2024

CVE-2024-47942 7.3 HIGH EPSS 0.00

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

CWE-427 Nov 12, 2024

CVE-2024-10389 7.5 HIGH 1 Writeup EPSS 0.00

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc

CWE-22 Nov 04, 2024

CVE-2024-50583 6.3 MEDIUM EPSS 0.00

Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.

CWE-427 Oct 25, 2024

CVE-2024-48605 7.8 HIGH 2 PoCs Analysis EPSS 0.07

An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.

CWE-427 Oct 22, 2024

CVE-2024-10093 7.8 HIGH EPSS 0.00

A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-427 Oct 17, 2024

CVE-2024-10068 7.8 HIGH EPSS 0.00

A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-427 Oct 17, 2024

CVE-2024-49391 7.3 HIGH EPSS 0.00

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

CWE-427 Oct 17, 2024

CVE-2024-49390 7.3 HIGH EPSS 0.00

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

CWE-427 Oct 17, 2024

CVE-2024-45710 7.8 HIGH EPSS 0.00

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.

CWE-427 Oct 16, 2024

CVE-2024-30117 2.5 LOW EPSS 0.00

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.

CWE-427 Oct 14, 2024