CVE & Exploit Intelligence Database

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,278 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,568 researchers
1,099 results
CVE-2022-41998 6.7 MEDIUM EPSS 0.00
Intel Data Center Manager < 5.1 - Uncontrolled Search Path
Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 10, 2023
CVE-2022-41982 6.7 MEDIUM EPSS 0.00
Intel Vtune Profiler < 2023.0 - Uncontrolled Search Path
Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 10, 2023
CVE-2022-41693 6.7 MEDIUM EPSS 0.00
Intel(R) Quartus(R) Prime Pro <22.3 - Privilege Escalation
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-428 May 10, 2023
CVE-2022-41628 6.7 MEDIUM EPSS 0.00
Intel(R) NUC P14E Laptop Element <1.1.44 - Privilege Escalation
Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 10, 2023
CVE-2022-38101 6.7 MEDIUM EPSS 0.00
Intel(R) NUC Chaco Canyon BIOS <iFlashV Windows 5.13.00.2105 - Priv...
Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-428 May 10, 2023
CVE-2022-34848 6.7 MEDIUM EPSS 0.00
Intel Nuc Pro Software Suite < 2.0.0.3 - Uncontrolled Search Path
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-428 May 10, 2023
CVE-2022-32576 6.7 MEDIUM EPSS 0.00
Intel Unite < 4.2 - Uncontrolled Search Path
Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 10, 2023
CVE-2022-27180 4.2 MEDIUM EPSS 0.00
Intel Maccpuid < 3.2 - Uncontrolled Search Path
Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 10, 2023
CVE-2022-21162 6.7 MEDIUM EPSS 0.00
Intel Nuc Hdmi Firmware Update Tool - Uncontrolled Search Path
Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 May 10, 2023
CVE-2023-30237 7.8 HIGH EPSS 0.00
Cyberghost < 8.3.10.10015 - Uncontrolled Search Path
CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe.
CWE-427 May 09, 2023
CVE-2023-2355 7.8 HIGH EPSS 0.00
Acronis Snap Deploy <3900 - Privilege Escalation
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
CWE-427 Apr 27, 2023
CVE-2023-29012 7.2 HIGH EPSS 0.00
Git for Windows <2.40.1 - Code Injection
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.
CWE-427 Apr 25, 2023
CVE-2023-29011 7.5 HIGH EPSS 0.00
Git for Windows - Path Traversal
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines.
CWE-427 Apr 25, 2023
CVE-2022-34755 6.3 MEDIUM EPSS 0.00
Schneider-electric Easergy Builder In... - Uncontrolled Search Path
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior)
CWE-427 Apr 18, 2023
CVE-2023-28140 6.7 MEDIUM EPSS 0.00
Qualys Cloud Agent < 4.5.3.1 - Uncontrolled Search Path
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.
CWE-427 Apr 18, 2023
CVE-2023-29187 6.7 MEDIUM EPSS 0.00
SapSetup <9.0 - Privilege Escalation
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attacker's control.
CWE-427 Apr 11, 2023
CVE-2022-48224 7.3 HIGH EPSS 0.00
Gbgplc Acuant Acufill SDK < 10.22.02.03 - Uncontrolled Search Path
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).
CWE-427 Apr 04, 2023
CVE-2022-48223 6.7 MEDIUM EPSS 0.00
Gbgplc Acuant Acufill SDK < 10.22.02.03 - Uncontrolled Search Path
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.
CWE-427 Apr 04, 2023
CVE-2022-48222 7.8 HIGH EPSS 0.00
Gbgplc Acuant Acufill SDK < 10.22.02.03 - Uncontrolled Search Path
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).
CWE-427 Apr 04, 2023
CVE-2022-48225 7.3 HIGH EPSS 0.00
Gbgplc Acuant Acufill SDK < 10.22.02.03 - Uncontrolled Search Path
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.
CWE-427 Apr 04, 2023