Search
Total
429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10850 | 1 Fujifilm | 2 Apeosport-vi, Docucentre-vi | 2021-04-23 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-29221 | 2 Erlang, Microsoft | 2 Erlang\/otp, Windows | 2021-04-20 | 6.2 MEDIUM | 7.0 HIGH |
| A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. | |||||
| CVE-2021-3146 | 2 Dolby, Microsoft | 5 Audio X2, Exchange Server, Visual C\+\+ and 2 more | 2021-04-14 | 4.6 MEDIUM | 7.8 HIGH |
| The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. | |||||
| CVE-2021-28246 | 1 Broadcom | 1 Ehealth | 2021-03-29 | 4.4 MEDIUM | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-29482 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2021-03-16 | 4.9 MEDIUM | 6.0 MEDIUM |
| An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit that is applied solely to the relative or absolute path specified by the client. Therefore, a guest can create paths in its own namespace which are too long for management tools to access. Depending on the toolstack in use, a malicious guest administrator might cause some management tools and debugging operations to fail. For example, a guest administrator can cause "xenstore-ls -r" to fail. However, a guest administrator cannot prevent the host administrator from tearing down the domain. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. | |||||
| CVE-2018-16156 | 1 Fujitsu | 1 Paperstream Ip \(twain\) | 2021-03-04 | 7.2 HIGH | 7.8 HIGH |
| In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege. | |||||
| CVE-2021-22980 | 1 F5 | 2 Access Policy Manager Clients, Big-ip Access Policy Manager | 2021-02-19 | 6.9 MEDIUM | 7.8 HIGH |
| In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-21237 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2021-01-29 | 4.6 MEDIUM | 7.8 HIGH |
| Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2. | |||||
| CVE-2020-35686 | 1 Soundresearch | 1 Dchu Model Software Component Modules | 2021-01-21 | 4.4 MEDIUM | 7.8 HIGH |
| The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolution, Windows Update is being submitted for all affected products to update to 2.0.9.18 or later.) | |||||
| CVE-2017-5233 | 1 Rapid7 | 1 Appspider Pro | 2021-01-08 | 6.8 MEDIUM | 7.8 HIGH |
| Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2018-10959 | 1 Beyondtrust | 1 Avecto Defendpoint | 2020-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch. | |||||
| CVE-2020-4739 | 2 Ibm, Microsoft | 2 Db2, Windows | 2020-12-03 | 6.9 MEDIUM | 7.8 HIGH |
| IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. | |||||
| CVE-2020-27695 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2020-12-01 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. | |||||
| CVE-2020-6014 | 1 Checkpoint | 1 Endpoint Security | 2020-11-19 | 4.4 MEDIUM | 6.5 MEDIUM |
| Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. | |||||
| CVE-2010-3190 | 2 Apple, Microsoft | 4 Itunes, Visual C\+\+, Visual Studio and 1 more | 2020-11-16 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." | |||||
| CVE-2020-5144 | 1 Sonicwall | 1 Global Vpn Client | 2020-11-03 | 6.9 MEDIUM | 7.8 HIGH |
| SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | |||||
| CVE-2020-8338 | 1 Lenovo | 1 Diagnostics | 2020-10-16 | 7.2 HIGH | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | |||||
| CVE-2020-6654 | 1 Eaton | 1 9000x Programming And Configuration Software | 2020-10-16 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | |||||
| CVE-2017-16997 | 2 Gnu, Redhat | 4 Glibc, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2020-10-15 | 9.3 HIGH | 7.8 HIGH |
| elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. | |||||
| CVE-2008-3357 | 3 Actian, Hp, Linux | 3 Ingres, Hp-ux, Linux Kernel | 2020-09-28 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." | |||||
| CVE-2017-11749 | 1 Internet-soft | 1 Ftp Commander | 2020-09-23 | 6.8 MEDIUM | 7.8 HIGH |
| InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | |||||
| CVE-2020-14350 | 3 Debian, Opensuse, Postgresql | 3 Debian Linux, Leap, Postgresql | 2020-09-18 | 4.4 MEDIUM | 7.3 HIGH |
| It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. | |||||
| CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2020-09-09 | 9.3 HIGH | 7.8 HIGH |
| IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. | |||||
| CVE-2019-1010100 | 1 Akeo | 1 Rufus | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427. | |||||
| CVE-2019-11351 | 1 Teamspeak | 1 Teamspeak | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework. | |||||
| CVE-2019-9492 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. | |||||
| CVE-2019-3648 | 1 Mcafee | 3 Anti-virus Plus, Internet Security, Total Protection | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | |||||
| CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11660 | 1 Microfocus | 1 Data Protector | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | |||||
| CVE-2019-6724 | 4 Apple, Barracuda, Linux and 1 more | 4 Mac Os X, Vpn Client, Linux Kernel and 1 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | |||||
| CVE-2019-9798 | 2 Google, Mozilla | 2 Android, Firefox | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | |||||
| CVE-2019-13637 | 1 Logmeininc | 1 Join.me | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | |||||
| CVE-2017-12892 | 1 Foxitsoftware | 1 Pdf Compressor | 2020-08-19 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2017-11657 | 1 Dashlane | 1 Dashlane | 2020-08-19 | 4.4 MEDIUM | 7.3 HIGH |
| Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory. | |||||
| CVE-2016-9274 | 1 Git For Windows Project | 1 Git For Windows | 2020-08-13 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected. | |||||
| CVE-2010-3159 | 1 Ponsoftware | 1 Explzh | 2020-08-12 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2020-07-29 | 6.9 MEDIUM | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-15009 | 1 Asus | 1 Screenpad2 Upgrade Tool | 2020-07-29 | 4.4 MEDIUM | 7.8 HIGH |
| AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | |||||
| CVE-2014-0315 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2020-07-24 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability." | |||||
| CVE-2020-15602 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-07-22 | 6.9 MEDIUM | 7.8 HIGH |
| An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device. | |||||
| CVE-2020-9673 | 1 Adobe | 1 Coldfusion | 2020-07-22 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-9672 | 1 Adobe | 1 Coldfusion | 2020-07-22 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-1458 | 1 Microsoft | 1 365 Apps | 2020-07-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | |||||
| CVE-2019-19161 | 2 Cymiinstaller322 Activex Project, Microsoft | 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification. | |||||
| CVE-2020-3768 | 1 Adobe | 1 Coldfusion | 2020-07-01 | 4.4 MEDIUM | 7.8 HIGH |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-6173 | 1 Lenovo | 1 Installation Package | 2020-06-22 | 6.9 MEDIUM | 6.5 MEDIUM |
| A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. | |||||
| CVE-2019-6196 | 1 Lenovo | 1 Installation Package | 2020-06-22 | 6.9 MEDIUM | 7.3 HIGH |
| A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | |||||
| CVE-2009-0314 | 2 Fedoraproject, Gnome | 2 Fedora, Libpeas | 2020-06-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2020-13813 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2020-06-10 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. | |||||
| CVE-2020-13812 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2020-06-10 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. | |||||