Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7799 | 1 Schneider-electric | 1 Software Update Utility | 2024-08-05 | N/A |
| A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | ||||
| CVE-2018-6765 | 1 Swisscom | 1 Myswisscomassistant | 2024-08-05 | N/A |
| Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process. | ||||
| CVE-2018-6766 | 1 Swisscom | 1 Tvmediahelper | 2024-08-05 | N/A |
| Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. | ||||
| CVE-2018-5457 | 2 Microsoft, Vyaire | 2 Windows Xp, Carefusion Upgrade Utility | 2024-08-05 | N/A |
| A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. | ||||
| CVE-2018-4938 | 1 Adobe | 1 Coldfusion | 2024-08-05 | 7.8 High |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. | ||||
| CVE-2019-1010100 | 1 Akeo | 1 Rufus | 2024-08-05 | N/A |
| Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427. | ||||
| CVE-2019-20856 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | ||||
| CVE-2019-20780 | 1 Google | 1 Android | 2024-08-05 | 9.8 Critical |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019). | ||||
| CVE-2019-20769 | 1 Lg | 2 G3, Pc Suite | 2024-08-05 | 7.8 High |
| An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019). | ||||
| CVE-2019-20781 | 1 Lg | 1 Bridge | 2024-08-05 | 7.8 High |
| An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. | ||||
| CVE-2019-20358 | 2 Microsoft, Trendmicro | 2 Windows, Anti-threat Toolkit | 2024-08-05 | 7.8 High |
| Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. | ||||
| CVE-2019-19954 | 2 Microsoft, Signal | 2 Windows, Signal-desktop | 2024-08-05 | 7.3 High |
| Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. | ||||
| CVE-2019-19689 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-08-05 | 7.8 High |
| Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. | ||||
| CVE-2019-19364 | 1 Sony | 2 Catalyst Browse, Catalyst Production Suite | 2024-08-05 | 7.8 High |
| A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges. | ||||
| CVE-2019-19235 | 2 Asus, Microsoft | 2 Atk Package, Windows 10 | 2024-08-05 | 7.0 High |
| AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name. | ||||
| CVE-2019-19115 | 1 Nahimic | 1 Apo Software Component | 2024-08-05 | 7.8 High |
| An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges. | ||||
| CVE-2019-18670 | 1 Acer | 1 Quick Access | 2024-08-05 | 7.8 High |
| In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll. | ||||
| CVE-2019-18215 | 1 Comodo | 1 Comodo Internet Security | 2024-08-05 | 7.8 High |
| An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms. | ||||
| CVE-2019-17665 | 1 Nsa | 1 Ghidra | 2024-08-05 | 7.8 High |
| NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. | ||||
| CVE-2019-17093 | 2 Avast, Avg | 2 Antivirus, Anti-virus | 2024-08-05 | 7.8 High |
| An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. | ||||