CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,280 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,569 researchers

1,099 results
CVE-2023-33874 6.7 MEDIUM EPSS 0.00
Intel(R) NUC 12 Pro Kits & Mini PCs <2.2.2.1 - Privilege Escalation
Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Nov 14, 2023
CVE-2023-32660 6.7 MEDIUM EPSS 0.00
Intel Thunderbolt 3 Controller Firmware - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Nov 14, 2023
CVE-2023-29504 6.7 MEDIUM EPSS 0.00
Intel Realsense D400 Series Dynamic C... - Uncontrolled Search Path
Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Nov 14, 2023
CVE-2023-29161 6.7 MEDIUM EPSS 0.00
Intel(R) OFU <14.1.31 - Privilege Escalation
Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Nov 14, 2023
CVE-2023-28740 6.7 MEDIUM EPSS 0.00
Intel(R) QAT <2.0.4 - Privilege Escalation
Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Nov 14, 2023
CVE-2023-28388 6.7 MEDIUM EPSS 0.00
Intel Chipset Device Software - Uncontrolled Search Path
Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Nov 14, 2023
CVE-2023-27513 6.7 MEDIUM EPSS 0.00
Intel Server Information Retrieval Utility - Uncontrolled Search Path
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Nov 14, 2023
CVE-2023-4632 7.8 HIGH EPSS 0.00
Lenovo System Update - Privilege Escalation
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
CWE-427 Nov 08, 2023
CVE-2023-47113 7.3 HIGH EPSS 0.00
Bleachbit < 4.4.2 - Uncontrolled Search Path
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
CWE-427 Nov 08, 2023
CVE-2023-0898 5.3 MEDIUM EPSS 0.00
GE Micom S1 Agile - Uncontrolled Search Path
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.
CWE-427 Nov 07, 2023
CVE-2023-31027 8.2 HIGH EPSS 0.00
NVIDIA GPU Display Driver - Privilege Escalation
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.
CWE-427 Nov 02, 2023
CVE-2023-31016 7.3 HIGH EPSS 0.00
NVIDIA GPU Display Driver - RCE
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CWE-427 Nov 02, 2023
CVE-2023-44220 7.3 HIGH EPSS 0.00
Sonicwall Netextender < 10.2.336 - Uncontrolled Search Path
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
CWE-427 Oct 27, 2023
CVE-2023-4936 5.5 MEDIUM EPSS 0.00
Synaptics Displaylink < 11.2 - Uncontrolled Search Path
It is possible to sideload a compromised DLL during the installation at elevated privilege.
CWE-269 Oct 11, 2023
CVE-2023-5463 7.8 HIGH EPSS 0.00
Xinje Xdppro < 3.7.17a - Uncontrolled Search Path
A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE-427 Oct 09, 2023
CVE-2023-45248 7.3 HIGH EPSS 0.00
Acronis Agent < c23.10 - Uncontrolled Search Path
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
CWE-427 Oct 09, 2023
CVE-2023-35897 8.4 HIGH EPSS 0.00
IBM Spectrum Protect Client & Storage Protect - Local RCE
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.
CWE-427 Oct 06, 2023
CVE-2022-4956 7.8 HIGH EPSS 0.00
Caphyon Advanced Installer - Uncontrolled Search Path
A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.
CWE-427 Sep 30, 2023
CVE-2023-41929 7.3 HIGH EPSS 0.00
Samsung Memory Card & Ufd Authentication - Uncontrolled Search Path
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)
CWE-427 Sep 18, 2023
CVE-2023-39374 7.8 HIGH EPSS 0.00
Forescout Secureconnector - Uncontrolled Search Path
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element
CWE-427 Sep 03, 2023