Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1458 | 1 Microsoft | 1 365 Apps | 2020-07-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | |||||
| CVE-2019-19161 | 2 Cymiinstaller322 Activex Project, Microsoft | 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification. | |||||
| CVE-2019-6173 | 1 Lenovo | 1 Installation Package | 2020-06-22 | 6.9 MEDIUM | 6.5 MEDIUM |
| A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. | |||||
| CVE-2019-6196 | 1 Lenovo | 1 Installation Package | 2020-06-22 | 6.9 MEDIUM | 7.3 HIGH |
| A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | |||||
| CVE-2009-0314 | 2 Fedoraproject, Gnome | 2 Fedora, Libpeas | 2020-06-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2020-13813 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2020-06-10 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. | |||||
| CVE-2020-13812 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2020-06-10 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. | |||||
| CVE-2018-21241 | 1 Foxitsoftware | 1 Phantompdf | 2020-06-09 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. | |||||
| CVE-2020-4019 | 1 Atlassian | 1 Companion | 2020-06-05 | 4.4 MEDIUM | 7.8 HIGH |
| The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. | |||||
| CVE-2017-17809 | 1 Goldenfrog | 1 Vyprvpn | 2020-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. | |||||
| CVE-2020-0598 | 1 Intel | 1 Binary Configuration Tool | 2020-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-7079 | 1 Autodesk | 1 Dynamo Bim | 2020-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. | |||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2020-04-07 | 4.6 MEDIUM | 5.3 MEDIUM |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | |||||
| CVE-2020-11507 | 1 Malwarebytes | 1 Adwcleaner | 2020-04-06 | 6.9 MEDIUM | 7.8 HIGH |
| An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | |||||
| CVE-2020-7476 | 1 Schneider-electric | 1 Ulti Zigbee Installation Toolkit | 2020-03-25 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | |||||
| CVE-2019-12569 | 1 Rakuten | 1 Viber | 2020-03-18 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | |||||
| CVE-2020-9418 | 2 Microsoft, Redsoftware | 2 Windows, Pdfescape | 2020-03-05 | 4.4 MEDIUM | 7.8 HIGH |
| An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | |||||
| CVE-2017-12580 | 1 Ultraedit | 1 Ultraedit | 2020-03-03 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system. | |||||
| CVE-2019-20456 | 2 Goverlan, Microsoft | 4 Client Agent, Reach Console, Reach Server and 1 more | 2020-02-26 | 4.4 MEDIUM | 7.8 HIGH |
| Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. | |||||
| CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2020-02-19 | 4.4 MEDIUM | 7.8 HIGH |
| Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability | |||||