Total
489 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0314 | 2 Fedoraproject, Gnome | 2 Fedora, Libpeas | 2020-06-15 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | |||||
| CVE-2020-13813 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2020-06-10 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. | |||||
| CVE-2020-13812 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2020-06-10 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. | |||||
| CVE-2018-21241 | 1 Foxitsoftware | 1 Phantompdf | 2020-06-09 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. | |||||
| CVE-2020-4019 | 1 Atlassian | 1 Companion | 2020-06-05 | 4.4 MEDIUM | 7.8 HIGH |
| The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. | |||||
| CVE-2017-17809 | 1 Goldenfrog | 1 Vyprvpn | 2020-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. | |||||
| CVE-2020-0598 | 1 Intel | 1 Binary Configuration Tool | 2020-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-7079 | 1 Autodesk | 1 Dynamo Bim | 2020-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. | |||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2020-04-07 | 4.6 MEDIUM | 5.3 MEDIUM |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | |||||
| CVE-2020-11507 | 1 Malwarebytes | 1 Adwcleaner | 2020-04-06 | 6.9 MEDIUM | 7.8 HIGH |
| An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | |||||
| CVE-2020-7476 | 1 Schneider-electric | 1 Ulti Zigbee Installation Toolkit | 2020-03-25 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | |||||
| CVE-2019-12569 | 1 Rakuten | 1 Viber | 2020-03-18 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | |||||
| CVE-2020-9418 | 2 Microsoft, Redsoftware | 2 Windows, Pdfescape | 2020-03-05 | 4.4 MEDIUM | 7.8 HIGH |
| An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | |||||
| CVE-2017-12580 | 1 Ultraedit | 1 Ultraedit | 2020-03-03 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system. | |||||
| CVE-2019-20456 | 2 Goverlan, Microsoft | 4 Client Agent, Reach Console, Reach Server and 1 more | 2020-02-26 | 4.4 MEDIUM | 7.8 HIGH |
| Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. | |||||
| CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2020-02-19 | 4.4 MEDIUM | 7.8 HIGH |
| Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability | |||||
| CVE-2013-3494 | 1 Umplayer Project | 1 Umplayer | 2020-02-18 | 9.3 HIGH | 7.8 HIGH |
| A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code. | |||||
| CVE-2013-3942 | 1 Daum | 1 Potplayer | 2020-02-14 | 6.8 MEDIUM | 7.8 HIGH |
| Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability | |||||
| CVE-2019-4732 | 2 Ibm, Microsoft | 3 Sdk, Websphere Application Server, Windows | 2020-02-06 | 6.9 MEDIUM | 6.5 MEDIUM |
| IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. | |||||
| CVE-2019-17100 | 1 Bitdefender | 1 Total Security 2020 | 2020-02-04 | 4.4 MEDIUM | 6.5 MEDIUM |
| An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | |||||