Total
880 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38136 | 1 Intel | 1 Oneapi Dpc\+\+\/c\+\+ Compiler | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-38101 | 1 Intel | 3 Iflashv, Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37340 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37329 | 1 Intel | 2 Fpga Software Development Kit, Quartus Prime | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36930 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 8.8 HIGH |
| Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user. | |||||
| CVE-2022-36924 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 8.8 HIGH |
| The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. | |||||
| CVE-2022-36840 | 1 Samsung | 1 Update | 2024-11-21 | N/A | 4.5 MEDIUM |
| DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | |||||
| CVE-2022-36415 | 1 Scootersoftware | 1 Beyond Compare | 2024-11-21 | N/A | 7.8 HIGH |
| A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges. | |||||
| CVE-2022-36398 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36271 | 1 Outbyte | 1 Pc Repair | 2024-11-21 | N/A | 7.8 HIGH |
| Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with same name and can get admin privileges. | |||||
| CVE-2022-34902 | 1 Parallels | 1 Parallels Access | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787. | |||||
| CVE-2022-34901 | 1 Parallels | 1 Parallels Access | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. | |||||
| CVE-2022-34900 | 1 Parallels | 1 Parallels Access | 2024-11-21 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatcher service. The service loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15213. | |||||
| CVE-2022-34848 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34825 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-11-21 | N/A | 9.8 CRITICAL |
| Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | |||||
| CVE-2022-34755 | 1 Schneider-electric | 1 Easergy Builder Installer | 2024-11-21 | N/A | 6.3 MEDIUM |
| A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior) | |||||
| CVE-2022-34396 | 1 Dell | 1 Openmanage Server Administrator | 2024-11-21 | N/A | 7.0 HIGH |
| Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. | |||||
| CVE-2022-34235 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-34101 | 1 Crestron | 1 Airmedia | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack. | |||||
| CVE-2022-33921 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 7.0 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||