| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.This issue affects FIE Endpoint: before 25.05. |
| Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary unprivileged users. |
| Uncontrolled search path for the Intel(R) XTU software for Windows before version 7.14.2.14 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. |
| Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4.
End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application. |
| DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. |
| Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0. |
| Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. |
| EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41.
|
| ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5. |
| Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1.19867.8574 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code. |
| Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application (IR) all versions, MILCO.S Easy Setting Application (IR) all versions, and MILCO.S Easy Switch Application (IR) all versions allows a local attacker to execute malicious code by having installer to load a malicious DLL. However, if the signer name "Mitsubishi Electric Lighting" appears on the "Digital Signatures" tab of the properties for "MILCO.S Lighting Control.exe", the application is a fixed one. This vulnerability only affects when the installer is run, not after installation. If a user downloads directly from Mitsubishi Electric website and installs the affected product, there is no risk of malicious code being introduced. |
