CVE & Exploit Intelligence Database

CVE-2022-36398 6.7 MEDIUM EPSS 0.00

Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26512 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26425 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26421 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26345 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26076 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26062 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26052 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-26032 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-25905 6.7 MEDIUM EPSS 0.00

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 16, 2023

CVE-2022-48077 7.8 HIGH 1 Writeup EPSS 0.00

Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.

CWE-427 Feb 13, 2023

CVE-2022-43440 8.8 HIGH EPSS 0.00

Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable

CWE-427 Feb 09, 2023

CVE-2022-31611 6.8 MEDIUM EPSS 0.00

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution.

CWE-427 Feb 07, 2023

CVE-2022-38136 6.7 MEDIUM EPSS 0.00

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-427 Feb 06, 2023

CVE-2023-0400 5.9 MEDIUM 1 PoC Analysis EPSS 0.00

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

CWE-427 Feb 02, 2023

CVE-2023-22358 7.8 HIGH EPSS 0.00

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE-427 Feb 01, 2023

CVE-2023-22283 6.5 MEDIUM EPSS 0.00

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE-427 Feb 01, 2023

CVE-2022-34396 7.0 HIGH EPSS 0.00

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

CWE-427 Feb 01, 2023

CVE-2022-47632 6.8 MEDIUM EPSS 0.00

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

CWE-427 Jan 27, 2023

CVE-2022-41141 7.8 HIGH EPSS 0.00

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859.

CWE-427 Jan 26, 2023