Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0192 | 1 Lenovo | 1 Pcmanager | 2022-05-04 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. | |||||
| CVE-2021-20722 | 1 Fujitsu | 1 Scansnap Manager | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-20616 | 1 Skygroup | 1 Skysea Client View | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-20726 | 1 Overwolf | 1 Overwolf | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2019-19689 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. | |||||
| CVE-2020-26947 | 1 Getmonero | 1 Monero | 2022-04-28 | 4.6 MEDIUM | 7.8 HIGH |
| monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. | |||||
| CVE-2019-5676 | 2 Microsoft, Nvidia | 3 Windows, Geforce Experience, Gpu Display Driver | 2022-04-27 | 7.2 HIGH | 6.7 MEDIUM |
| NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. | |||||
| CVE-2021-3633 | 1 Lenovo | 1 Drivers Management | 2022-04-25 | 6.9 MEDIUM | 7.8 HIGH |
| A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. | |||||
| CVE-2022-28779 | 1 Samsung | 1 Android Usb Driver Windows Installer | 2022-04-19 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. | |||||
| CVE-2022-23449 | 1 Siemens | 2 Simatic Energy Manager Basic, Simatic Energy Manager Pro | 2022-04-19 | 6.9 MEDIUM | 7.3 HIGH |
| A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | |||||
| CVE-2022-27843 | 1 Samsung | 1 Kies | 2022-04-19 | 4.4 MEDIUM | 7.8 HIGH |
| DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. | |||||
| CVE-2022-27842 | 1 Samsung | 1 Smart Switch Pc | 2022-04-19 | 4.4 MEDIUM | 7.8 HIGH |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. | |||||
| CVE-2022-28541 | 1 Samsung | 1 Update | 2022-04-19 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. | |||||
| CVE-2022-25154 | 1 Samsung | 2 T5, T5 Firmware | 2022-04-13 | 4.4 MEDIUM | 7.3 HIGH |
| A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) | |||||
| CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2022-04-08 | 4.4 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges | |||||
| CVE-2022-22996 | 1 Westerndigital | 2 Sandisk Professional G-raid 4\/8 Software Utility, Sandisk Professional G-raid 4\/8 Software Utility Driver | 2022-04-07 | 6.9 MEDIUM | 7.8 HIGH |
| The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. | |||||
| CVE-2019-7653 | 3 Canonical, Debian, Rdflib Project | 3 Ubuntu Linux, Debian Linux, Rdflib | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory. | |||||
| CVE-2021-34803 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2022-04-06 | 4.4 MEDIUM | 7.8 HIGH |
| TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. | |||||
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | |||||
| CVE-2020-25182 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2022-04-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. | |||||