CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,280 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,569 researchers
1,099 results
CVE-2024-38330 7.0 HIGH EPSS 0.00
IBM System Management for i <7.4 - Privilege Escalation
IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227.
CWE-427 Jul 08, 2024
CVE-2024-1182 7.0 HIGH EPSS 0.00
Mitsubishi Electric - Local Execution
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
CWE-427 Jul 04, 2024
CVE-2024-39708 7.0 HIGH EPSS 0.00
Delinea Privilege Manager <12.0.1096 - Privilege Escalation
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file.
CWE-427 Jun 28, 2024
CVE-2024-34116 7.1 HIGH EPSS 0.00
Creative Cloud Desktop <6.1.0.587 - Code Injection
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file deletion. Exploitation of this issue requires user interaction.
CWE-427 Jun 13, 2024
CVE-2024-37130 7.3 HIGH EPSS 0.00
Dell Openmanage Server Administrator - Uncontrolled Search Path
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.
CWE-427 Jun 11, 2024
CVE-2024-5509 7.8 HIGH EPSS 0.05
Luxion Keyshot < 2024.1 - Uncontrolled Search Path
Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738.
CWE-427 Jun 06, 2024
CVE-2024-5292 7.8 HIGH EPSS 0.00
Dlink Network Assistant < 4.0.0.21 - Uncontrolled Search Path
D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426.
CWE-427 May 23, 2024
CVE-2024-22379 6.7 MEDIUM EPSS 0.00
Intel(R) Inspector <2024.0 - Privilege Escalation
Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21862 6.7 MEDIUM EPSS 0.00
Intel Quartus Prime < 23.1 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21861 6.7 MEDIUM EPSS 0.00
Intel Graphics Performance Analyzers ... - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21843 6.7 MEDIUM EPSS 0.00
Intel(R) Computing Improvement Program <2.4.0.10654 - Privilege Esc...
Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21841 6.7 MEDIUM EPSS 0.00
Intel(R) Distribution for GDB <2024.0 - Privilege Escalation
Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21837 6.7 MEDIUM EPSS 0.00
Intel Quartus Prime < 23.1 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21831 6.7 MEDIUM EPSS 0.01
Intel Processor Diagnostic Tool < 4.1.9.41 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21818 6.7 MEDIUM EPSS 0.00
Intel(R) PCM <202311 - Privilege Escalation
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21814 6.7 MEDIUM EPSS 0.00
Intel Chipset Device Software - Uncontrolled Search Path
Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21788 6.7 MEDIUM EPSS 0.00
Intel Graphics Performance Analyzers - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21777 6.7 MEDIUM EPSS 0.00
Intel Quartus Prime < 23.4 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21774 6.7 MEDIUM EPSS 0.00
Intel(R) Processor Identification Utility <6.10.34.1129, 7.1.6 - Pr...
Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024
CVE-2024-21772 6.7 MEDIUM EPSS 0.00
Intel Advisor < 2024.0 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 16, 2024