Search Results (2568 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-47422 2 Adobe, Microsoft 2 Framemaker, Windows 2024-10-18 7.8 High
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction.
CVE-2024-30117 1 Hcltech 1 Bigfix Platform 2024-10-17 2.5 Low
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
CVE-2024-4089 1 Lenovo 1 Superfile 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4130 1 Lenovo 1 App Store 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4131 1 Lenovo 1 Emulator 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.
CVE-2024-4132 1 Lenovo 1 Lock Screen 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.
CVE-2024-9046 1 Lenovo 1 Starstudio 2024-10-17 7.8 High
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.
CVE-2024-47194 1 Siemens 2 Modelsim, Questa 2024-10-16 6.7 Medium
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory.
CVE-2024-47195 1 Siemens 2 Modelsim, Questa 2024-10-16 6.7 Medium
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory.
CVE-2024-6510 1 Avg 1 Internet Security 2024-10-02 7.8 High
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
CVE-2024-8996 2 Grafana, Microsoft 3 Agent, Agent Flow Windows, Windows 2024-10-01 7.3 High
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2
CVE-2022-27592 1 Qnap 1 Qvr Smart Client 2024-09-24 6.7 Medium
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later
CVE-2024-34153 1 Intel 1 Raid Web Console 2024-09-23 6.7 Medium
Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-39613 1 Mattermost 1 Mattermost Desktop 2024-09-20 5.3 Medium
Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.
CVE-2024-20430 1 Cisco 2 Meraki Systems Manager, Meraki Systems Manager Agent 2024-09-18 7.3 High
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.&nbsp; This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges.&nbsp;
CVE-2024-5290 2 Canonical, W1.fi 2 Ubuntu Linux, Wpa Supplicant 2024-09-18 8.8 High
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.
CVE-2024-5622 2 B And R Industrial Automotion, Br-automation 2 B And R Aprol, Industrial Automation Aprol 2024-09-13 7.8 High
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
CVE-2024-5623 1 Br-automation 1 Industrial Automation Aprol 2024-09-13 7.8 High
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
CVE-2024-8441 1 Ivanti 1 Endpoint Manager 2024-09-12 6.7 Medium
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVE-2024-29015 1 Intel 2 Oneapi Base Toolkit, Vtune Profiler 2024-09-12 6.7 Medium
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.