Total
492 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5236 | 1 Rapid7 | 1 Appspider Pro | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
CVE-2017-2130 | 1 Securebrain | 1 Phishwall Client | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-6167 | 1 Putty | 1 Putty | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory. | |||||
CVE-2017-5232 | 1 Rapid7 | 1 Nexpose | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
CVE-2016-4900 | 1 Evernote | 1 Evernote | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-10009 | 1 Openbsd | 1 Openssh | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. | |||||
CVE-2016-9274 | 1 Git For Windows Project | 1 Git For Windows | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected. | |||||
CVE-2017-2156 | 1 Vivaldi | 1 Vivaldi Installer For Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||||
CVE-2016-7085 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-4901 | 1 National Tax Agency | 1 E-tax | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-6798 | 1 Trendmicro | 1 Endpoint Sensor | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. | |||||
CVE-2017-5234 | 1 Rapid7 | 1 Insight Collector | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
CVE-2017-6189 | 1 Amazon | 1 Kindle For Pc | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer. | |||||
CVE-2017-2149 | 1 Toshiba | 1 Flashair | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2015-6305 | 2 Cisco, Microsoft | 2 Anyconnect Secure Mobility Client, Windows | 2024-02-04 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211. | |||||
CVE-2016-0014 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability." | |||||
CVE-2016-0016 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | |||||
CVE-2016-5330 | 3 Apple, Microsoft, Vmware | 7 Mac Os X, Windows, Esxi and 4 more | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
CVE-2016-0018 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8 and 2 more | 2024-02-04 | 6.9 MEDIUM | 7.3 HIGH |
Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | |||||
CVE-2015-3987 | 1 Mcafee | 1 Epo Deep Command | 2024-02-04 | 7.2 HIGH | N/A |
Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors. |