Lucene search

K

Windows Search Security Vulnerabilities

cve
cve

CVE-2023-43751

Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-16 09:15 PM
27
cve
cve

CVE-2024-30033

Windows Search Service Elevation of Privilege...

7CVSS

6.7AI Score

0.0005EPSS

2024-05-14 05:17 PM
70
cve
cve

CVE-2023-25779

Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

6.7AI Score

0.0004EPSS

2024-02-14 02:15 PM
10
cve
cve

CVE-2023-24542

Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

6.7AI Score

0.0004EPSS

2024-02-14 02:15 PM
9
cve
cve

CVE-2020-24682

Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-02-02 08:15 AM
9
cve
cve

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system.....

7.8CVSS

7.9AI Score

0.0004EPSS

2024-01-02 06:15 AM
46
cve
cve

CVE-2023-4770

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code...

7.8CVSS

7.8AI Score

0.001EPSS

2023-11-30 02:15 PM
15
cve
cve

CVE-2023-6235

An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. An attacker could place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps\ directory, which could lead to the execution and persistence of...

7.8CVSS

7.7AI Score

0.001EPSS

2023-11-21 01:15 PM
13
cve
cve

CVE-2023-22818

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code.....

7.8CVSS

7.9AI Score

0.001EPSS

2023-11-15 08:15 PM
15
cve
cve

CVE-2023-39202

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local...

5.5CVSS

5.3AI Score

0.0004EPSS

2023-11-14 11:15 PM
14
cve
cve

CVE-2023-29165

Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2023-11-14 07:15 PM
30
cve
cve

CVE-2023-28740

Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-11-14 07:15 PM
19
cve
cve

CVE-2023-36394

Windows Search Service Elevation of Privilege...

7CVSS

8AI Score

0.0005EPSS

2023-11-14 06:15 PM
95
cve
cve

CVE-2023-31016

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data...

7.8CVSS

8AI Score

0.001EPSS

2023-11-02 07:15 PM
42
cve
cve

CVE-2023-36564

Windows Search Security Feature Bypass...

6.5CVSS

6.8AI Score

0.001EPSS

2023-10-10 06:15 PM
328
cve
cve

CVE-2023-34391

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue...

7.4CVSS

5.6AI Score

0.0004EPSS

2023-08-31 04:15 PM
11
cve
cve

CVE-2023-29299

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...

4.7CVSS

5.2AI Score

0.001EPSS

2023-08-10 02:15 PM
33
cve
cve

CVE-2023-39212

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local...

7.9CVSS

5.3AI Score

0.0004EPSS

2023-08-08 10:15 PM
15
cve
cve

CVE-2023-36540

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local...

7.8CVSS

7.9AI Score

0.0004EPSS

2023-08-08 06:15 PM
15
cve
cve

CVE-2023-36884

Windows Search Remote Code Execution...

7.5CVSS

8.3AI Score

0.227EPSS

2023-07-11 07:15 PM
1010
In Wild
cve
cve

CVE-2023-36536

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local...

8.2CVSS

7.7AI Score

0.0004EPSS

2023-07-11 06:15 PM
9
cve
cve

CVE-2023-34144

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS

7.6AI Score

0.001EPSS

2023-06-26 10:15 PM
29
cve
cve

CVE-2023-34145

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS

7.6AI Score

0.001EPSS

2023-06-26 10:15 PM
18
cve
cve

CVE-2022-41628

Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-05-10 02:15 PM
10
cve
cve

CVE-2023-29012

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed doskey.exe would be executed silently upon running Git CMD. The problem has....

7.8CVSS

7.7AI Score

0.001EPSS

2023-04-25 09:15 PM
70
cve
cve

CVE-2023-24671

VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable...

7.8CVSS

8.5AI Score

0.0004EPSS

2023-03-16 12:15 PM
18
cve
cve

CVE-2023-25143

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected...

9.8CVSS

9.5AI Score

0.004EPSS

2023-03-10 09:15 PM
24
cve
cve

CVE-2022-37340

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2023-02-16 09:15 PM
18
cve
cve

CVE-2023-22368

Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...

7.8CVSS

7.7AI Score

0.001EPSS

2023-02-15 01:15 AM
21
cve
cve

CVE-2022-31611

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to...

7.3CVSS

7.5AI Score

0.0004EPSS

2023-02-07 03:15 AM
40
cve
cve

CVE-2022-38136

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2023-02-06 07:15 PM
17
cve
cve

CVE-2022-41953

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

8.6CVSS

7.4AI Score

0.001EPSS

2023-01-17 10:15 PM
40
cve
cve

CVE-2022-4258

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-01-16 10:15 AM
35
cve
cve

CVE-2022-45432

Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS...

5.3CVSS

5.4AI Score

0.001EPSS

2022-12-27 06:15 PM
30
cve
cve

CVE-2022-34478

The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release...

6.5CVSS

6.7AI Score

0.001EPSS

2022-12-22 08:15 PM
98
In Wild
2
cve
cve

CVE-2022-40746

IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this...

7.2CVSS

6.6AI Score

0.0004EPSS

2022-11-21 06:15 PM
39
3
cve
cve

CVE-2022-36380

Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2022-11-11 04:15 PM
30
5
cve
cve

CVE-2022-36384

Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.3AI Score

0.0004EPSS

2022-11-11 04:15 PM
31
5
cve
cve

CVE-2022-3734

A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been...

9.8CVSS

9.5AI Score

0.002EPSS

2022-10-28 08:15 AM
40
3
cve
cve

CVE-2022-41796

Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...

7.8CVSS

7.7AI Score

0.001EPSS

2022-10-24 02:15 PM
769
8
cve
cve

CVE-2010-4182

Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute...

7.4AI Score

0.053EPSS

2022-10-03 04:21 PM
25
cve
cve

CVE-2011-1821

IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog...

6.2AI Score

0.001EPSS

2022-10-03 04:15 PM
19
cve
cve

CVE-2022-34235

Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user...

7.8CVSS

7.3AI Score

0.001EPSS

2022-08-11 03:15 PM
32
3
cve
cve

CVE-2016-15003

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated....

7.8CVSS

7.9AI Score

0.001EPSS

2022-07-18 09:15 AM
23
4
cve
cve

CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...

7.3CVSS

7AI Score

0.001EPSS

2022-07-14 03:15 PM
97
6
cve
cve

CVE-2017-20123

A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...

8.8CVSS

7.7AI Score

0.001EPSS

2022-06-30 05:15 AM
53
7
cve
cve

CVE-2022-30701

An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the...

7.8CVSS

7.6AI Score

0.0004EPSS

2022-05-27 12:15 AM
44
3
cve
cve

CVE-2022-28247

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run...

7.3CVSS

6.8AI Score

0.0005EPSS

2022-05-11 06:15 PM
63
5
cve
cve

CVE-2022-28779

Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-04-11 08:15 PM
47
cve
cve

CVE-2022-28128

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified...

7.8CVSS

8AI Score

0.001EPSS

2022-03-31 08:15 AM
63
Total number of security vulnerabilities1875