Total
477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15974 | 1 Adobe | 1 Framemaker | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-12245 | 1 Symantec | 1 Endpoint Protection | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated. | |||||
| CVE-2018-19486 | 3 Canonical, Git-scm, Linux | 3 Ubuntu Linux, Git, Linux Kernel | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | |||||
| CVE-2018-7365 | 1 Zte | 2 Usmartview, Zxcloud Irai | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. | |||||
| CVE-2018-16189 | 2 Micco, Microsoft | 2 Unlha32.dll, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2019-5912 | 2 Micco, Microsoft | 2 Unarj32.dll, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of UNARJ32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0619 | 1 Glarysoft | 1 Glary Utilities | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-15983 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-0667 | 1 Mnc | 2 Inplc-rt Sdk Express, Inplc Sdk Pro\+ | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0656 | 1 Sony | 1 Digital Paper App | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-16176 | 1 Jaea | 1 Mapping Tool | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-10904 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | |||||
| CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | |||||
| CVE-2018-17980 | 1 Nomachine | 1 Nomachine | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.). | |||||
| CVE-2018-0692 | 1 Baidu | 1 Spark Browser | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0624 | 1 Yayoi-kk | 6 Aoiro Shinkoku, Hanbai, Kaikei and 3 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products. | |||||
| CVE-2018-0621 | 1 Logitech | 1 Connection Utility Software | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-0620 | 1 Logitech | 1 Game Software | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-18629 | 1 Keybase | 1 Keybase | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. | |||||
| CVE-2018-1888 | 1 Ibm | 1 I Access | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079. | |||||