Total: 785 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28779 | 1 Samsung | 1 Android Usb Driver Windows Installer | 2022-04-19 | 4.6 MEDIUM | 7.8 HIGH |
Uncontrolled search path element vulnerability in Samsung Android USB Driver Windows installer program prior to version 1.7.50 allows an attacker to execute arbitrary code. | |||||
CVE-2022-23449 | 1 Siemens | 2 Simatic Energy Manager Basic, Simatic Energy Manager Pro | 2022-04-19 | 6.9 MEDIUM | 7.3 HIGH |
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | |||||
CVE-2022-27843 | 1 Samsung | 1 Kies | 2022-04-19 | 4.4 MEDIUM | 7.8 HIGH |
DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows an attacker to execute arbitrary code. | |||||
CVE-2022-27842 | 1 Samsung | 1 Smart Switch Pc | 2022-04-19 | 4.4 MEDIUM | 7.8 HIGH |
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows an attacker to execute arbitrary code. | |||||
CVE-2022-28541 | 1 Samsung | 1 Update | 2022-04-19 | 4.6 MEDIUM | 7.8 HIGH |
Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code with the permissions of Samsung Update. | |||||
CVE-2022-25154 | 1 Samsung | 2 T5, T5 Firmware | 2022-04-13 | 4.4 MEDIUM | 7.3 HIGH |
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) | |||||
CVE-2022-1098 | 1 Deltaww | 1 Diaenergie | 2022-04-08 | 4.4 MEDIUM | 7.8 HIGH |
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges. | |||||
CVE-2022-22996 | 1 Westerndigital | 2 Sandisk Professional G-raid 4/8 Software Utility, Sandisk Professional G-raid 4/8 Software Utility Driver | 2022-04-07 | 6.9 MEDIUM | 7.8 HIGH |
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. | |||||
CVE-2019-7653 | 3 Canonical, Debian, Rdflib Project | 3 Ubuntu Linux, Debian Linux, Rdflib | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL |
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory. | |||||
CVE-2021-34803 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2022-04-06 | 4.4 MEDIUM | 7.8 HIGH |
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations. | |||||
CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | |||||
CVE-2020-25182 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2022-04-05 | 4.6 MEDIUM | 6.7 MEDIUM |
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. | |||||
CVE-2019-20400 | 1 Atlassian | 1 Jira Server | 2022-03-25 | 4.4 MEDIUM | 7.8 HIGH |
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a DLL file to a directory in the global path environment variable to inject code via a DLL hijacking vulnerability. | |||||
CVE-2022-26511 | 1 Kingsoft | 1 Wps Presentation | 2022-03-24 | 6.8 MEDIUM | 7.8 HIGH |
WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading). | |||||
CVE-2022-26081 | 1 Kingsoft | 1 Wps Office | 2022-03-24 | 6.8 MEDIUM | 7.8 HIGH |
The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | |||||
CVE-2022-25969 | 1 Kingsoft | 1 Wps Office | 2022-03-23 | 6.8 MEDIUM | 7.8 HIGH |
The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | |||||
CVE-2022-26319 | 1 Trendmicro | 1 Portable Security | 2022-03-19 | 6.9 MEDIUM | 6.5 MEDIUM |
An installer search path element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-26337 | 1 Trendmicro | 1 Password Manager | 2022-03-18 | 9.3 HIGH | 7.8 HIGH |
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. | |||||
CVE-2022-23401 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2022-03-18 | 3.7 LOW | 7.8 HIGH |
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | |||||
CVE-2022-22943 | 1 Vmware | 1 Tools | 2022-03-17 | 7.2 HIGH | 6.7 MEDIUM |
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. |