Total: 600 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16176 | 1 Jaea | 1 Mapping Tool | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-16156 | 1 Fujitsu | 1 Paperstream Ip (twain) | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it ...
|
|||||
| CVE-2018-15983 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
|
|||||
| CVE-2018-15974 | 1 Adobe | 1 Framemaker | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
|
|||||
| CVE-2018-13133 | 1 Goldenfrog | 1 Vyprvpn | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.
|
|||||
| CVE-2018-13102 | 2 Anydesk, Microsoft | 2 Anydesk, Windows 7 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.
|
|||||
| CVE-2018-12589 | 1 Polarisoffice | 1 Polaris Office 2017 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
|
|||||
| CVE-2018-12449 | 1 Navercorp | 1 Whale | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
|
|||||
| CVE-2018-12245 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated.
|
|||||
| CVE-2018-11551 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
|
|||||
| CVE-2018-10959 | 1 Beyondtrust | 1 Avecto Defendpoint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
|
|||||
| CVE-2018-10904 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
It was found that the glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute, which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
|
|||||
| CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
|
|||||
| CVE-2018-10874 | 1 Redhat | 4 Ansible Engine, Openstack, Virtualization and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In ansible it was found that inventory variables, which are under the attacker's control, are loaded from the current working directory when running an ad-hoc command, allowing arbitrary code to be run as a result.
|
|||||
| CVE-2018-10650 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
|
|||||
| CVE-2018-10027 | 1 Estsoft | 1 Alzip | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
|
|||||
| CVE-2018-1000201 | 2 Microsoft, Ruby-ffi Project | 2 Windows, Ruby-ffi | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS when a Symbol is used as the DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later.
|
|||||
| CVE-2018-0692 | 1 Baidu | 1 Spark Browser | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0667 | 1 Mnc | 2 Inplc-rt Sdk Express, Inplc Sdk Pro+ | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0656 | 1 Sony | 1 Digital Paper App | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0649 | 1 Eset | 6 Compusec, Deslock+ Pro, Internet Security and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0648 | 1 Chatwork | 1 Chatwork | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0624 | 1 Yayoi-kk | 6 Aoiro Shinkoku, Hanbai, Kaikei and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loade ...
|
|||||
| CVE-2018-0623 | 1 Yayoi-kk | 6 Aoiro Shinkoku, Hanbai, Kaikei and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loa ...
|
|||||
| CVE-2018-0621 | 1 Logitech | 1 Connection Utility Software | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0620 | 1 Logitech | 1 Game Software | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0619 | 1 Glarysoft | 1 Glary Utilities | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0609 | 1 Linecorp | 1 Line | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0601 | 1 Axpdfium Project | 1 Axpdfium | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0600 | 2 Microsoft, Sony | 2 Windows, Playmemories Home | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0599 | 1 Microsoft | 1 Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0598 | 1 Microsoft | 1 Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0597 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0596 | 1 Microsoft | 1 Visual Studio Community | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0595 | 1 Microsoft | 2 Skype, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0594 | 1 Microsoft | 2 Skype, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0593 | 1 Microsoft | 1 Onedrive | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0592 | 1 Microsoft | 1 Onedrive | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0580 | 1 Celsys | 3 Clip Studio Action, Clip Studio Modeler, Clip Studio Paint | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2018-0563 | 1 Ntt-east | 2 Flet's Virus Clear Easy Setup & Application Tool, Flet's Virus Clear V6 Easy Setup & Application Tool | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
|||||