Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28099 | 2024-08-08 | 7.8 High | ||
| VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | ||||
| CVE-2005-0457 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
| Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. | ||||
| CVE-2024-21818 | 2024-08-07 | 6.7 Medium | ||
| Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-34116 | 1 Adobe | 1 Creative Cloud Desktop Application | 2024-08-07 | 7.1 High |
| Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction. | ||||
| CVE-2013-0725 | 1 Hexagongeospatial | 1 Erdas Er Viewer | 2024-08-06 | 7.8 High |
| ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities | ||||
| CVE-2014-8393 | 1 Corel | 5 Coreldraw, Coreldraw Photo Paint, Paint Shop Pro and 2 more | 2024-08-06 | N/A |
| DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | ||||
| CVE-2015-1014 | 1 Schneider-electric | 3 Citectscada, Opc Factory Server, Scada Expert Vijeo Citect | 2024-08-06 | N/A |
| A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. | ||||
| CVE-2016-6592 | 1 Symantec | 1 Norton Download Manager | 2024-08-06 | 7.8 High |
| A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user. | ||||
| CVE-2016-5311 | 1 Symantec | 9 Endpoint Protection, Endpoint Protection Cloud, Norton 360 and 6 more | 2024-08-06 | 7.8 High |
| A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | ||||
| CVE-2016-4526 | 1 Trane | 1 Tracer Sc | 2024-08-06 | N/A |
| ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. | ||||
| CVE-2017-1000010 | 1 Audacityteam | 1 Audacity | 2024-08-05 | 7.8 High |
| Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution. | ||||
| CVE-2017-20123 | 2 Microsoft, Sparklabs | 2 Windows, Viscosity | 2024-08-05 | 8.8 High |
| A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20051 | 1 Jrsoftware | 1 Inno Setup | 2024-08-05 | 6.3 Medium |
| A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20052 | 1 Python | 1 Python | 2024-08-05 | 5 Medium |
| A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20018 | 1 Apachefriends | 1 Xampp | 2024-08-05 | 6.3 Medium |
| A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. | ||||
| CVE-2017-16777 | 1 Hashicorp | 1 Vagrant | 2024-08-05 | N/A |
| If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. | ||||
| CVE-2017-14017 | 1 Progea | 1 Movicon | 2024-08-05 | N/A |
| An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file. | ||||
| CVE-2017-14029 | 1 Trihedral | 1 Vtscada | 2024-08-05 | N/A |
| An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. | ||||
| CVE-2017-13993 | 1 I-sens | 1 Smartlog Diabetes Management Software | 2024-08-05 | N/A |
| An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. | ||||
| CVE-2017-13130 | 1 Bmc | 1 Patrol | 2024-08-05 | N/A |
| mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. | ||||