Total
498 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20051 | 1 Sonicwall | 1 Global Vpn Client | 2022-05-12 | 6.9 MEDIUM | 7.8 HIGH |
| SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. | |||||
| CVE-2022-28714 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2022-05-12 | 4.4 MEDIUM | 7.8 HIGH |
| On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-28792 | 1 Samsung | 1 Gear Iconx Pc Manager | 2022-05-11 | 4.4 MEDIUM | 7.8 HIGH |
| DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. | |||||
| CVE-2022-23410 | 1 Axis | 1 Ip Utility | 2022-05-11 | 4.4 MEDIUM | 7.8 HIGH |
| AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. | |||||
| CVE-2022-0192 | 1 Lenovo | 1 Pcmanager | 2022-05-04 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. | |||||
| CVE-2021-20722 | 1 Fujitsu | 1 Scansnap Manager | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-20616 | 1 Skygroup | 1 Skysea Client View | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-20726 | 1 Overwolf | 1 Overwolf | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-36770 | 3 Fedoraproject, P5-encode Project, Perl | 3 Fedora, P5-encode, Perl | 2022-05-03 | 6.8 MEDIUM | 7.8 HIGH |
| Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. | |||||
| CVE-2019-19689 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2022-05-03 | 4.4 MEDIUM | 7.8 HIGH |
| Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses. | |||||
| CVE-2020-26947 | 1 Getmonero | 1 Monero | 2022-04-28 | 4.6 MEDIUM | 7.8 HIGH |
| monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. | |||||
| CVE-2019-5676 | 2 Microsoft, Nvidia | 3 Windows, Geforce Experience, Gpu Display Driver | 2022-04-27 | 7.2 HIGH | 6.7 MEDIUM |
| NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. | |||||
| CVE-2021-3633 | 1 Lenovo | 1 Drivers Management | 2022-04-25 | 6.9 MEDIUM | 7.8 HIGH |
| A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. | |||||
| CVE-2022-21668 | 2 Fedoraproject, Pypa | 2 Fedora, Pipenv | 2022-04-25 | 9.3 HIGH | 8.6 HIGH |
| pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability. | |||||
| CVE-2022-24767 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2022-04-21 | 6.9 MEDIUM | 7.8 HIGH |
| GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | |||||
| CVE-2022-28779 | 1 Samsung | 1 Android Usb Driver Windows Installer | 2022-04-19 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. | |||||
| CVE-2022-23449 | 1 Siemens | 2 Simatic Energy Manager Basic, Simatic Energy Manager Pro | 2022-04-19 | 6.9 MEDIUM | 7.3 HIGH |
| A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | |||||
| CVE-2022-27843 | 1 Samsung | 1 Kies | 2022-04-19 | 4.4 MEDIUM | 7.8 HIGH |
| DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. | |||||
| CVE-2022-27842 | 1 Samsung | 1 Smart Switch Pc | 2022-04-19 | 4.4 MEDIUM | 7.8 HIGH |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. | |||||
| CVE-2022-28541 | 1 Samsung | 1 Update | 2022-04-18 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. | |||||