CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,280 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,569 researchers
1,099 results
CVE-2023-32646 6.7 MEDIUM EPSS 0.00
Intel Virtual RAID on CPU < 8.0.8.1001 - Uncontrolled Search Path
Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Feb 14, 2024
CVE-2023-32618 6.7 MEDIUM EPSS 0.00
Intel oneAPI < 4.3.2 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Feb 14, 2024
CVE-2023-28745 6.7 MEDIUM EPSS 0.00
Intel(R) QSFP+ Configuration Utility - Privilege Escalation
Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Feb 14, 2024
CVE-2023-28407 6.7 MEDIUM EPSS 0.00
Intel Extreme Tuning Utility < 7.12.0.29 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Feb 14, 2024
CVE-2023-25779 6.7 MEDIUM EPSS 0.00
Intel Thunderbolt DCH Driver < 88 - Uncontrolled Search Path
Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Feb 14, 2024
CVE-2023-24591 6.7 MEDIUM EPSS 0.00
Intel(R) Binary Configuration Tool <3.4.4 - Privilege Escalation
Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Feb 14, 2024
CVE-2024-23054 9.8 CRITICAL 1 Writeup EPSS 0.04
Plone Docker Official Image - Uncontrolled Search Path
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
CWE-427 Feb 05, 2024
CVE-2024-23940 7.8 HIGH EPSS 0.00
Trend Micro Air Support < 6.0.2103 - Uncontrolled Search Path
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.
CWE-427 Jan 29, 2024
CVE-2023-51711 7.8 HIGH EPSS 0.00
Regify Regipay Client <4.5.1.0 - Code Injection
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 that allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.
CWE-427 Jan 24, 2024
CVE-2023-27859 6.5 MEDIUM EPSS 0.00
IBM Db2 < 10.5.0.11 - Uncontrolled Search Path
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.
CWE-427 Jan 22, 2024
CVE-2023-32272 7.9 HIGH EPSS 0.00
Intel NUC Pro Software Suite < 3.0.0.6 - Uncontrolled Search Path
Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access.
CWE-427 Jan 19, 2024
CVE-2023-6740 8.8 HIGH EPSS 0.00
Checkmk < 2.0.0 - Uncontrolled Search Path
Privilege escalation in the jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges.
CWE-269 Jan 12, 2024
CVE-2023-29445 7.8 HIGH EPSS 0.00
PTC Kepware Kepserverex < 6.14.263.0 - Uncontrolled Search Path
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
CWE-427 Jan 10, 2024
CVE-2023-29444 6.3 MEDIUM EPSS 0.00
PTC Kepware Kepserverex < 6.14.263.0 - Uncontrolled Search Path
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.
CWE-427 Jan 10, 2024
CVE-2023-41782 3.9 LOW EPSS 0.00
ZTE ZXCLOUD iRAI < 7.23.30 - Uncontrolled Search Path
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI. An attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.
CWE-427 Jan 05, 2024
CVE-2023-6338 7.8 HIGH EPSS 0.00
Lenovo UDC - Privilege Escalation
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CWE-427 Jan 03, 2024
CVE-2023-41780 6.4 MEDIUM EPSS 0.00
ZTE ZXCLOUD iRAI < 7.23.32 - Path Traversal
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program's failure to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
CWE-22 Jan 03, 2024
CVE-2023-43064 7.0 HIGH EPSS 0.00
IBM i <7.5 - Privilege Escalation
Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause arbitrary code to run with the privilege of the user invoking the facsimile support. IBM X-Force ID: 267689.
CWE-427 Dec 25, 2023
CVE-2023-6891 5.3 MEDIUM EPSS 0.00
PeaZip - Uncontrolled Search Path
A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release.
CWE-427 Dec 17, 2023
CVE-2023-31210 8.8 HIGH EPSS 0.00
Checkmk <2.2.0p16 - Privilege Escalation
Usage of user-controlled LD_LIBRARY_PATH in the agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows a malicious Checkmk site user to escalate rights via injection of malicious libraries.
CWE-427 Dec 13, 2023