Total
492 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7884 | 1 Displaylink | 1 Core Software Cleaner | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM. | |||||
CVE-2018-0515 | 1 Flets | 1 Azukeru Backup Tool | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-1711 | 1 Ibm | 2 Client Application Access, Notes | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532. | |||||
CVE-2018-0599 | 1 Microsoft | 1 Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-0561 | 1 Securebrain | 1 Phishwall | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-0594 | 1 Microsoft | 2 Skype, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-4927 | 3 Adobe, Apple, Microsoft | 3 Indesign, Mac Os X, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
CVE-2018-6475 | 1 Superantispyware | 1 Superantispyware | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | |||||
CVE-2018-1437 | 1 Ibm | 1 Notes | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565. | |||||
CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | |||||
CVE-2018-0540 | 1 Vix Project | 1 Vix | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-7327 | 1 Yandex | 1 Yandex Browser | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | |||||
CVE-2018-0609 | 1 Linecorp | 1 Line | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-0596 | 1 Microsoft | 1 Visual Studio Community | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-0507 | 1 Ntt-east | 2 Flet\'s Virus Clear Easy Setup \& Application Tool, Flet\'s Virus Clear V6 Easy Setup \& Application Tool | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-6306 | 1 Kaspersky | 1 Password Manager | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538. | |||||
CVE-2018-1435 | 1 Ibm | 1 Notes | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563. | |||||
CVE-2018-6513 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths. | |||||
CVE-2018-0600 | 2 Microsoft, Sony | 2 Windows, Playmemories Home | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-1458 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209. |