Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27094 1 Sony 1 Playmemories Home 2024-11-21 6.7 Medium
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27089 1 Fujitsu 1 Plugfree Network 2024-11-21 7.8 High
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
CVE-2022-27088 1 Ivanti 1 Dsm Remote 2024-11-21 7.8 High
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
CVE-2022-27052 1 Freesshd 1 Freeftpd 2024-11-21 7.8 High
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
CVE-2022-27050 2 Bitcomet, Microsoft 2 Bitcomet, Windows 2024-11-21 7.8 High
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.
CVE-2022-26777 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 5.3 Medium
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
CVE-2022-26653 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 5.3 Medium
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator).
CVE-2022-26634 1 Hma 1 Hidemyass 2024-11-21 7.8 High
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-26511 1 Kingsoft 1 Wps Presentation 2024-11-21 7.8 High
WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading).
CVE-2022-26488 3 Microsoft, Netapp, Python 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more 2024-11-21 7.0 High
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
CVE-2022-26337 1 Trendmicro 1 Password Manager 2024-11-21 7.8 High
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine.
CVE-2022-26319 1 Trendmicro 1 Portable Security 2024-11-21 6.5 Medium
An installer search path element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-26279 1 Eyoucms 1 Eyoucms 2024-11-21 9.8 Critical
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVE-2022-26184 2 Microsoft, Python-poetry 2 Windows, Poetry 2024-11-21 9.8 Critical
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS.
CVE-2022-26183 2 Microsoft, Pnpm 2 Windows, Pnpm 2024-11-21 8.8 High
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS.
CVE-2022-26159 1 Ametys 1 Ametys 2024-11-21 5.3 Medium
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
CVE-2022-26081 1 Kingsoft 1 Wps Office 2024-11-21 7.8 High
The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25969 1 Kingsoft 1 Wps Office 2024-11-21 7.8 High
The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2022-25864 1 Intel 1 Oneapi Math Kernel Library 2024-11-21 6.7 Medium
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-25786 1 Secomea 1 Gatemanager 2024-11-21 4.9 Medium
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.