Total
492 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16997 | 2 Gnu, Redhat | 4 Glibc, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. | |||||
CVE-2017-2265 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-11159 | 2 Microsoft, Synology | 2 Windows, Photo Station Uploader | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | |||||
CVE-2017-10893 | 1 J-lis | 1 The Public Certification Service For Individuals | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-7838 | 1 Winsparkle | 1 Winsparkle | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||||
CVE-2017-10850 | 1 Fujifilm | 2 Apeosport-vi, Docucentre-vi | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-12892 | 1 Foxitsoftware | 1 Pdf Compressor | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
CVE-2017-10824 | 1 Teikoku Databank | 1 Type A | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2212 | 1 Gsi | 1 Tky2jgd | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-7642 | 1 Hashicorp | 1 Vagrant Vmware Fusion | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable. | |||||
CVE-2017-11748 | 1 Softonic | 1 Spider Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file. | |||||
CVE-2017-10830 | 1 Ntt | 1 Security Setup Tool | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2188 | 1 Maff | 1 Denshinouhin Check System | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10863 | 1 Hitachi-solutions | 1 Confidential File Decryption | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865. | |||||
CVE-2017-2208 | 1 Acquisition Technology And Logistics Agency | 1 Installer Of Electronic Tendering | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||||
CVE-2017-10865 | 1 Hitachi-solutions | 1 Confidential File Decryption | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863. | |||||
CVE-2017-2215 | 1 E-tax.nta | 1 E-tax | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Installer of "Setup file of advance preparation" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2225 | 1 Mext | 1 Ebidsettingchecker | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2218 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-5696 | 1 Intel | 1 Graphics Driver | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access. |