Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28128 | 2 Hibara, Microsoft | 2 Attachecase, Windows | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-36631 | 1 Baidu | 1 Baidunetdisk | 2023-08-08 | N/A | 6.7 MEDIUM |
| Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2022-22736 | 1 Mozilla | 1 Firefox | 2023-08-08 | N/A | 7.0 HIGH |
| If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96. | |||||
| CVE-2022-25348 | 2 Hibara, Microsoft | 2 Attachecase, Windows | 2023-08-08 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2022-41796 | 1 Sony | 1 Content Transfer | 2023-08-08 | N/A | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2022-48422 | 2 Linux, Onlyoffice | 2 Linux Kernel, Document Server | 2023-08-08 | N/A | 7.8 HIGH |
| ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. | |||||
| CVE-2023-37849 | 1 Watchguard | 1 Panda Security Vpn | 2023-07-27 | N/A | 6.5 MEDIUM |
| A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe. | |||||
| CVE-2022-32222 | 2 Nodejs, Siemens | 2 Node.js, Sinec Ins | 2023-07-24 | N/A | 5.3 MEDIUM |
| A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | |||||
| CVE-2022-29580 | 1 Google | 1 Google Search | 2023-07-21 | N/A | 7.8 HIGH |
| There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41 | |||||
| CVE-2023-31543 | 1 Pipreqs Project | 1 Pipreqs | 2023-07-10 | N/A | 9.8 CRITICAL |
| A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. | |||||
| CVE-2023-28929 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus\+ Security 2021, Antivirus\+ Security 2022 and 10 more | 2023-07-07 | N/A | 7.8 HIGH |
| Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. | |||||
| CVE-2023-27908 | 1 Autodesk | 1 Installer | 2023-07-03 | N/A | 7.8 HIGH |
| A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. | |||||
| CVE-2023-0976 | 2 Apple, Trellix | 2 Macos, Agent | 2023-06-13 | N/A | 7.8 HIGH |
| A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. | |||||
| CVE-2023-28080 | 1 Dell | 1 Powerpath | 2023-06-06 | N/A | 7.3 HIGH |
| PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-25005 | 1 Autodesk | 1 Infraworks | 2023-05-26 | N/A | 7.8 HIGH |
| A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. | |||||
| CVE-2023-25428 | 1 Soft-o | 1 Free Password Manager | 2023-05-24 | N/A | 7.8 HIGH |
| A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. | |||||
| CVE-2023-30237 | 1 Cyberghostvpn | 1 Cyberghost | 2023-05-16 | N/A | 7.8 HIGH |
| CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. | |||||
| CVE-2023-2355 | 1 Acronis | 1 Snap Deploy | 2023-05-09 | N/A | 7.8 HIGH |
| Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | |||||
| CVE-2023-29011 | 1 Git For Windows Project | 1 Git For Windows | 2023-05-04 | N/A | 7.8 HIGH |
| Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines. | |||||
| CVE-2023-29012 | 1 Git For Windows Project | 1 Git For Windows | 2023-05-04 | N/A | 7.8 HIGH |
| Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. | |||||