Export limit exceeded: 362508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36840 1 Samsung 1 Update 2024-11-21 4.5 Medium
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
CVE-2022-36415 1 Scootersoftware 1 Beyond Compare 2024-11-21 7.8 High
A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges.
CVE-2022-36403 1 Ricoh 1 Device Software Manager 2024-11-21 7.8 High
Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2022-36344 1 Justsystems 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more 2024-11-21 9.8 Critical
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
CVE-2022-36271 1 Outbyte 1 Pc Repair 2024-11-21 7.8 High
Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with same name and can get admin privileges.
CVE-2022-35899 2 Asus, Microsoft 2 Aura Ready Game Software Development Kit, Windows 2024-11-21 7.8 High
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
CVE-2022-35868 1 Siemens 2 Tia Multiuser Server, Tia Project-server 2024-11-21 6.7 Medium
A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
CVE-2022-35292 1 Sap 1 Business One 2024-11-21 7.8 High
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.
CVE-2022-34902 1 Parallels 1 Parallels Access 2024-11-21 7.8 High
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787.
CVE-2022-34901 1 Parallels 1 Parallels Access 2024-11-21 7.8 High
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137.
CVE-2022-34900 1 Parallels 1 Parallels Access 2024-11-21 7.8 High
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatcher service. The service loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15213.
CVE-2022-34574 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 5.7 Medium
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.
CVE-2022-34573 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 6.3 Medium
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml.
CVE-2022-34572 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 5.7 Medium
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
CVE-2022-34571 1 Wavlink 1 Wifi-repeater Firmware 2024-11-21 8.0 High
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml.
CVE-2022-34570 1 Wavlink 2 Wl-wn579x3, Wl-wn579x3 Firmware 2024-11-21 7.5 High
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
CVE-2022-34101 1 Crestron 1 Airmedia 2024-11-21 7.8 High
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.
CVE-2022-33037 1 Orwell-dev-cpp Project 1 Orwell-dev-cpp 2024-11-21 7.8 High
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-33036 1 Embarcadero 1 Dev-c\+\+ 2024-11-21 7.8 High
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file.
CVE-2022-33035 1 Netsarang 1 Xlpd 2024-11-21 7.8 High
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.