Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12580 | 1 Ultraedit | 1 Ultraedit | 2020-03-03 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system. | |||||
| CVE-2019-20456 | 2 Goverlan, Microsoft | 4 Client Agent, Reach Console, Reach Server and 1 more | 2020-02-26 | 4.4 MEDIUM | 7.8 HIGH |
| Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. | |||||
| CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2020-02-18 | 4.4 MEDIUM | 7.8 HIGH |
| Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability | |||||
| CVE-2013-3494 | 1 Umplayer Project | 1 Umplayer | 2020-02-18 | 9.3 HIGH | 7.8 HIGH |
| A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code. | |||||
| CVE-2013-3942 | 1 Daum | 1 Potplayer | 2020-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability | |||||
| CVE-2019-4732 | 2 Ibm, Microsoft | 3 Sdk, Websphere Application Server, Windows | 2020-02-06 | 6.9 MEDIUM | 6.5 MEDIUM |
| IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. | |||||
| CVE-2019-17100 | 1 Bitdefender | 1 Total Security 2020 | 2020-02-04 | 4.4 MEDIUM | 6.5 MEDIUM |
| An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | |||||
| CVE-2019-17099 | 1 Bitdefender | 1 Endpoint Security Tools | 2020-02-01 | 4.4 MEDIUM | 7.8 HIGH |
| An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. | |||||
| CVE-2013-2773 | 1 Gonitro | 1 Nitropdf | 2020-01-24 | 4.4 MEDIUM | 7.8 HIGH |
| Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution | |||||
| CVE-2016-6593 | 1 Symantec | 1 Vip Access Desktop | 2020-01-17 | 4.4 MEDIUM | 7.8 HIGH |
| A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. | |||||
| CVE-2019-6019 | 1 Ipa | 1 Stamp Workbench | 2020-01-08 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2019-19929 | 1 Malwarebytes | 1 Adwcleaner | 2020-01-03 | 6.9 MEDIUM | 7.8 HIGH |
| An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. | |||||
| CVE-2019-8801 | 1 Apple | 2 Itunes, Mac Os X | 2019-12-30 | 4.4 MEDIUM | 7.8 HIGH |
| A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. | |||||
| CVE-2019-4606 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 High Performance Unload Load, Linux Kernel, Windows and 1 more | 2019-12-16 | 6.9 MEDIUM | 7.8 HIGH |
| IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298. | |||||
| CVE-2019-15628 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2020, Internet Security 2020 and 2 more | 2019-12-13 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. | |||||
| CVE-2019-17446 | 2 Eracent, Linux | 2 Epa Agent, Linux Kernel | 2019-12-04 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path. | |||||
| CVE-2019-6189 | 1 Lenovo | 1 System Interface Foundation | 2019-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | |||||
| CVE-2019-16860 | 2 Code42, Microsoft | 2 Code42, Windows | 2019-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | |||||
| CVE-2019-16861 | 2 Code42, Microsoft | 2 Code42, Windows | 2019-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. | |||||
| CVE-2017-5996 | 1 Beyondtrust | 1 Remote Support | 2019-11-18 | 9.3 HIGH | 7.8 HIGH |
| The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. | |||||