Export limit exceeded: 361784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361784 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40156 | 1 Intel | 1 System Support Utility | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-3792 | 1 Netentsec | 1 Application Security Gateway | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3438 | 1 Trellix | 1 Move | 2024-11-21 | 4.4 Medium |
| An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. | ||||
| CVE-2023-3252 | 1 Tenable | 1 Nessus | 2024-11-21 | 6.8 Medium |
| An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. | ||||
| CVE-2023-3091 | 1 Captura Project | 1 Captura | 2024-11-21 | 7 High |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura up to 8.0.0. It has been declared as critical. This vulnerability affects unknown code in the library CRYPTBASE.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. The identifier of this vulnerability is VDB-230668. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-3078 | 1 Lenovo | 1 Universal Device Client | 2024-11-21 | 7.8 High |
| An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | ||||
| CVE-2023-39932 | 1 Intel | 1 System Usage Report For Gameplay | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privillaged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-39374 | 1 Forescout | 1 Secureconnector | 2024-11-21 | 7.8 High |
| ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element | ||||
| CVE-2023-39212 | 1 Zoom | 1 Rooms | 2024-11-21 | 7.9 High |
| Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | ||||
| CVE-2023-39202 | 1 Zoom | 2 Rooms, Virtual Desktop Infrastructure | 2024-11-21 | 3.1 Low |
| Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | ||||
| CVE-2023-39201 | 1 Zoom | 1 Cleanzoom | 2024-11-21 | 7.2 High |
| Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. | ||||
| CVE-2023-38566 | 1 Intel | 1 Implicit Spmd Program Compiler | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-38408 | 3 Fedoraproject, Openbsd, Redhat | 9 Fedora, Openssh, Devworkspace and 6 more | 2024-11-21 | 9.8 Critical |
| The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | ||||
| CVE-2023-37849 | 1 Watchguard | 1 Panda Security Vpn | 2024-11-21 | 6.5 Medium |
| A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. | ||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-11-21 | 7.8 High |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | ||||
| CVE-2023-37490 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 7.6 High |
| SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system | ||||
| CVE-2023-36853 | 1 Keysight | 1 Geolocation Server | 2024-11-21 | 7.8 High |
| In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges. | ||||
| CVE-2023-36658 | 1 Opswat | 2 Media Validation Agent, Metadefender Kiosk | 2024-11-21 | 7.8 High |
| An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. | ||||
| CVE-2023-36540 | 1 Zoom | 1 Zoom | 2024-11-21 | 7.3 High |
| Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-36538 | 1 Zoom | 1 Rooms | 2024-11-21 | 8.4 High |
| Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | ||||