Total
882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6766 | 1 Swisscom | 1 Tvmediahelper | 2024-11-21 | N/A |
| Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. | ||||
| CVE-2018-6765 | 1 Swisscom | 1 Myswisscomassistant | 2024-11-21 | N/A |
| Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process. | ||||
| CVE-2018-5457 | 2 Microsoft, Vyaire | 2 Windows Xp, Carefusion Upgrade Utility | 2024-11-21 | N/A |
| A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. | ||||
| CVE-2018-5238 | 1 Symantec | 2 Norton Power Eraser, Symdiag | 2024-11-21 | N/A |
| Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | ||||
| CVE-2018-5235 | 1 Symantec | 1 Norton Utilities | 2024-11-21 | N/A |
| Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | ||||
| CVE-2018-4938 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.8 High |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. | ||||
| CVE-2018-3649 | 1 Intel | 18 Dual Band Wireless-ac 3160, Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168 and 15 more | 2024-11-21 | N/A |
| DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution. | ||||
| CVE-2018-20211 | 1 Exiftool Project | 1 Exiftool | 2024-11-21 | N/A |
| ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015). | ||||
| CVE-2018-16177 | 2 Microsoft, Ntt-west | 2 Windows 10, Fall Creators Update | 2024-11-21 | 7.8 High |
| Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2018-15976 | 1 Adobe | 1 Technical Communications Suite | 2024-11-21 | N/A |
| Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2018-14812 | 1 Fujielectric | 1 Energy Savings Estimator | 2024-11-21 | N/A |
| An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. | ||||
| CVE-2018-14797 | 1 Emerson | 1 Deltav | 2024-11-21 | 7.8 High |
| Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | ||||
| CVE-2018-13806 | 1 Siemens | 1 Td Keypad Designer | 2024-11-21 | N/A |
| A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2018-12805 | 1 Adobe | 1 Connect | 2024-11-21 | N/A |
| Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2018-12163 | 1 Intel | 1 Iot Developers Kit | 2024-11-21 | N/A |
| A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access. | ||||
| CVE-2018-12160 | 1 Intel | 1 Data Migration Software | 2024-11-21 | N/A |
| DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. | ||||
| CVE-2018-11072 | 1 Dell | 1 Digital Delivery | 2024-11-21 | N/A |
| Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges. | ||||
| CVE-2018-11049 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2024-11-21 | N/A |
| RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system. | ||||
| CVE-2018-1000622 | 2 Redhat, Rust-lang | 2 Devtools, Rust | 2024-11-21 | N/A |
| The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1. | ||||
| CVE-2017-7836 | 3 Apple, Linux, Mozilla | 3 Mac Os X, Linux Kernel, Firefox | 2024-11-21 | N/A |
| The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57. | ||||