Search Results (2561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36344 | 1 Justsystems | 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more | 2024-11-21 | 9.8 Critical |
| An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. | ||||
| CVE-2022-36271 | 1 Outbyte | 1 Pc Repair | 2024-11-21 | 7.8 High |
| Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is missing so an attacker can use a malicious dll with same name and can get admin privileges. | ||||
| CVE-2022-35899 | 2 Asus, Microsoft | 2 Aura Ready Game Software Development Kit, Windows | 2024-11-21 | 7.8 High |
| There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. | ||||
| CVE-2022-35868 | 1 Siemens | 2 Tia Multiuser Server, Tia Project-server | 2024-11-21 | 6.7 Medium |
| A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. | ||||
| CVE-2022-35292 | 1 Sap | 1 Business One | 2024-11-21 | 7.8 High |
| In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | ||||
| CVE-2022-34902 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787. | ||||
| CVE-2022-34901 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. | ||||
| CVE-2022-34900 | 1 Parallels | 1 Parallels Access | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatcher service. The service loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15213. | ||||
| CVE-2022-34574 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | 5.7 Medium |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. | ||||
| CVE-2022-34573 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | 6.3 Medium |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. | ||||
| CVE-2022-34572 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | 5.7 Medium |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. | ||||
| CVE-2022-34571 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | 8.0 High |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. | ||||
| CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2024-11-21 | 7.5 High |
| WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | ||||
| CVE-2022-34101 | 1 Crestron | 1 Airmedia | 2024-11-21 | 7.8 High |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack. | ||||
| CVE-2022-33037 | 1 Orwell-dev-cpp Project | 1 Orwell-dev-cpp | 2024-11-21 | 7.8 High |
| A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-33036 | 1 Embarcadero | 1 Dev-c++ | 2024-11-21 | 7.8 High |
| A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | ||||
| CVE-2022-33035 | 1 Netsarang | 1 Xlpd | 2024-11-21 | 7.8 High |
| XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||||
| CVE-2022-32498 | 1 Dell | 1 Powerstore Command Line Interface | 2024-11-21 | 5.5 Medium |
| Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. | ||||
| CVE-2022-31847 | 1 Wavlink | 2 Wn579x3, Wn579x3 Firmware | 2024-11-21 | 7.5 High |
| A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | ||||
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2024-11-21 | 7.8 High |
| SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service. | ||||