Total: 476 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. | |||||
CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | |||||
CVE-2020-15722 | 1 360totalsecurity | 1 360 Total Security | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. | |||||
CVE-2017-12580 | 1 Ultraedit | 1 Ultraedit | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system. | |||||
CVE-2019-18996 | 1 Abb | 1 Pb610 Panel Builder 600 | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context. | |||||
CVE-2019-17446 | 2 Eracent, Linux | 2 Epa Agent, Linux Kernel | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path. | |||||
CVE-2019-18196 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2024-02-04 | 6.9 MEDIUM | 6.7 MEDIUM |
A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default. | |||||
CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-7365 | 1 Autodesk | 1 Autodesk Desktop | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system. | |||||
CVE-2019-6189 | 1 Lenovo | 1 System Interface Foundation | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | |||||
CVE-2019-13357 | 1 Totaldefense | 1 Anti-virus | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. | |||||
CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability | |||||
CVE-2020-9418 | 2 Microsoft, Redsoftware | 2 Windows, Pdfescape | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | |||||
CVE-2020-8793 | 3 Canonical, Fedoraproject, Opensmtpd | 3 Ubuntu Linux, Fedora, Opensmtpd | 2024-02-04 | 4.7 MEDIUM | 4.7 MEDIUM |
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | |||||
CVE-2013-3942 | 1 Daum | 1 Potplayer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability | |||||
CVE-2019-8801 | 1 Apple | 2 Itunes, Mac Os X | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. | |||||
CVE-2020-5958 | 2 Microsoft, Nvidia | 6 Windows, Geforce Experience, Quadro and 3 more | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure. | |||||
CVE-2016-6593 | 1 Symantec | 1 Vip Access Desktop | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | |||||
CVE-2019-18829 | 1 Barco | 2 Clickshare Button R9861500d01, Clickshare Button R9861500d01 Firmware | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads a number of DLL files dynamically without verifying their integrity. | |||||
CVE-2019-20456 | 2 Goverlan, Microsoft | 4 Client Agent, Reach Console, Reach Server and 1 more | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. | |||||