Total
866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28394 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 7.8 High |
| EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). | ||||
| CVE-2022-28247 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.7 Medium |
| Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges. | ||||
| CVE-2022-28128 | 2 Hibara, Microsoft | 2 Attachecase, Windows | 2024-11-21 | 7.8 High |
| Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2022-27843 | 1 Samsung | 1 Kies | 2024-11-21 | 6.2 Medium |
| DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. | ||||
| CVE-2022-27842 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | 6.2 Medium |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. | ||||
| CVE-2022-26511 | 1 Kingsoft | 1 Wps Presentation | 2024-11-21 | 7.8 High |
| WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading). | ||||
| CVE-2022-26337 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 7.8 High |
| Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. | ||||
| CVE-2022-26319 | 1 Trendmicro | 1 Portable Security | 2024-11-21 | 6.5 Medium |
| An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-26081 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 7.8 High |
| The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | ||||
| CVE-2022-25999 | 1 Intel | 1 Enpirion Digital Power Configurator Gui | 2024-11-21 | 7.8 High |
| Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-25969 | 1 Kingsoft | 1 Wps Office | 2024-11-21 | 7.8 High |
| The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | ||||
| CVE-2022-25864 | 1 Intel | 1 Oneapi Math Kernel Library | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-25841 | 1 Intel | 1 Datacenter Group Event | 2024-11-21 | 7.8 High |
| Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-25348 | 2 Hibara, Microsoft | 2 Attachecase, Windows | 2024-11-21 | 7.8 High |
| Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2022-25255 | 4 Linux, Opengroup, Qt and 1 more | 4 Linux Kernel, Unix, Qt and 1 more | 2024-11-21 | 7.8 High |
| In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | ||||
| CVE-2022-25154 | 1 Samsung | 2 T5, T5 Firmware | 2024-11-21 | 7.3 High |
| A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) | ||||
| CVE-2022-24955 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 9.8 Critical |
| Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. | ||||
| CVE-2022-24767 | 2 Git For Windows Project, Microsoft | 4 Git For Windows, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-11-21 | 7.8 High |
| GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | ||||
| CVE-2022-24765 | 6 Apple, Debian, Fedoraproject and 3 more | 7 Xcode, Debian Linux, Fedora and 4 more | 2024-11-21 | 6 Medium |
| Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | ||||
| CVE-2022-24426 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | 7.8 High |
| Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | ||||