Total
888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1890 | 1 Ibm | 1 Sdk | 2025-02-13 | N/A |
| IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. | ||||
| CVE-2024-42492 | 2025-02-13 | 6.7 Medium | ||
| Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-38745 | 2 Apache, Redhat | 2 Openoffice, Enterprise Linux | 2025-02-13 | 7.8 High |
| Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. | ||||
| CVE-2024-9490 | 2025-02-12 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2024-9491 | 2025-02-12 | 8.6 High | ||
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||||
| CVE-2023-31361 | 2025-02-12 | 7.3 High | ||
| A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2024-57426 | 2025-02-11 | 7.3 High | ||
| NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries. | ||||
| CVE-2025-21127 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2025-02-11 | 7.8 High |
| Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application. | ||||
| CVE-2024-53977 | 2025-02-11 | 6.7 Medium | ||
| A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory. | ||||
| CVE-2024-48091 | 2025-02-10 | 7.8 High | ||
| Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | ||||
| CVE-2022-30548 | 1 Intel | 1 Glorp | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27638 | 1 Intel | 1 Advanced Link Analyzer | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27187 | 1 Intel | 1 Quartus Prime | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-26086 | 1 Intel | 1 Gametechdev Presentmon | 2025-02-05 | 6.7 Medium |
| Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22184 | 1 Intel | 2 Quartus Prime, Quartus Prime Pro | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38383 | 2 Intel, Microsoft | 3 Quartus Prime, Quartus Prime Pro, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38668 | 2 Intel, Microsoft | 3 Quartus Prime, Quartus Prime Standard Edition Design Software, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36253 | 2 Intel, Microsoft | 3 Sdp Software, Server Debug And Provisioning Tool, Windows | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36380 | 1 Intel | 7 Nuc 8 Rugged Kit Nuc8cchkr, Nuc Board Nuc8cchb, Nuc Kit Nuc5pgyh and 4 more | 2025-02-04 | 6.7 Medium |
| Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-29011 | 1 Git For Windows Project | 1 Git For Windows | 2025-02-03 | 7.6 High |
| Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines. | ||||