CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,280 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,569 researchers
1,099 results
CVE-2024-23491 6.7 MEDIUM EPSS 0.00
Intel Distribution For Gdb < 2024.0.1 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2024-23489 6.7 MEDIUM EPSS 0.00
Intel Virtual Raid ON Cpu < 8.6.0.1191 - Uncontrolled Search Path
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2024-22376 6.7 MEDIUM EPSS 0.00
Intel(R) Ethernet Adapter Driver Pack <28.3 - Privilege Escalation
Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2024-22184 6.7 MEDIUM EPSS 0.00
Intel(R) Quartus(R) Prime Pro Edition <24.1 - Privilege Escalation
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2024-21857 6.7 MEDIUM EPSS 0.00
Intel(R) oneAPI Compiler <2024.1 - Privilege Escalation
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2024-21784 6.7 MEDIUM EPSS 0.00
Intel Integrated Performance Primitiv... - Uncontrolled Search Path
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2024-21769 6.7 MEDIUM EPSS 0.00
Intel(R) Ethernet Connection I219-LM - Privilege Escalation
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2024-21766 6.7 MEDIUM EPSS 0.00
Intel(R) oneAPI Math Kernel Library <2024.1 - Privilege Escalation
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 14, 2024
CVE-2023-31348 7.3 HIGH EPSS 0.00
AMD μProf - Privilege Escalation
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CWE-427 Aug 13, 2024
CVE-2024-7061 5.5 MEDIUM EPSS 0.00
Okta Verify < 5.0.2 - Path Traversal
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.
CWE-22 Aug 07, 2024
CVE-2024-5290 8.8 HIGH EPSS 0.00
W1.fi Wpa Supplicant - Uncontrolled Search Path
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
CWE-427 Aug 07, 2024
CVE-2024-7326 7.8 HIGH EPSS 0.00
Itopvpn Dualsafe Password Manager - Uncontrolled Search Path
A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-427 Jul 31, 2024
CVE-2024-7325 7.8 HIGH EPSS 0.00
Iobit Driver Booster - Uncontrolled Search Path
A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-427 Jul 31, 2024
CVE-2024-7324 7.8 HIGH EPSS 0.00
IObit iTop Data Recovery Pro 4.4.0.687 - Uncontrolled Search Path
A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The associated identifier of this vulnerability is VDB-273247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-427 Jul 31, 2024
CVE-2024-37142 7.3 HIGH EPSS 0.00
Dell Peripheral Manager < 1.7.6 - Uncontrolled Search Path
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.
CWE-427 Jul 31, 2024
CVE-2024-37127 7.8 HIGH EPSS 0.00
Dell Peripheral Manager < 1.7.6 - Uncontrolled Search Path
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.
CWE-427 Jul 31, 2024
CVE-2024-32857 7.3 HIGH EPSS 0.00
Dell Peripheral Manager < 1.7.6 - Uncontrolled Search Path
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege.
CWE-427 Jul 31, 2024
CVE-2024-41817 7.0 HIGH 3 PoCs Analysis EPSS 0.19
Imagemagick < 7.1.1-36 - Uncontrolled Search Path
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
CWE-427 Jul 29, 2024
CVE-2024-7193 5.3 MEDIUM EPSS 0.00
Mp3tag < 3.26e - Uncontrolled Search Path
A vulnerability has been found in Mp3tag up to 3.26d and classified as problematic. This vulnerability affects unknown code in the library tak_deco_lib.dll of the component DLL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.26e is able to address this issue. It is recommended to upgrade the affected component. VDB-272614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.
CWE-427 Jul 29, 2024
CVE-2024-39820 6.6 MEDIUM EPSS 0.00
Zoom Workplace Desktop < 6.0.10 - Uncontrolled Search Path
Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.
CWE-427 Jul 15, 2024