Total
492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2167 | 1 Softbank | 1 Primedrive Desktop Application | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||||
| CVE-2017-2157 | 1 Jpki | 1 The Public Certification Service For Individuals | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2156 | 1 Vivaldi | 1 Vivaldi Installer For Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||||
| CVE-2017-2149 | 1 Toshiba | 1 Flashair | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2130 | 1 Securebrain | 1 Phishwall Client | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2108 | 1 Softbank | 1 Primedrive Desktop Application | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2107 | 1 Akky | 1 7-zip32.dll | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-1711 | 1 Ibm | 2 Client Application Access, Notes | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532. | |||||
| CVE-2017-1144 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | |||||
| CVE-2017-17809 | 1 Goldenfrog | 1 Vyprvpn | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. | |||||
| CVE-2017-17069 | 2 Amazon, Microsoft | 2 Audible, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. | |||||
| CVE-2017-17010 | 1 Sony | 1 Content Manager Assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-16997 | 2 Gnu, Redhat | 4 Glibc, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. | |||||
| CVE-2017-16690 | 1 Sap | 1 Plant Connectivity | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. | |||||
| CVE-2017-15913 | 1 Navercorp | 1 Whale | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The Installer in Whale allows DLL hijacking. | |||||
| CVE-2017-15566 | 1 Schedmd | 1 Slurm | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. | |||||
| CVE-2017-13070 | 1 Qnap | 1 Qsync | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | |||||
| CVE-2017-12892 | 1 Foxitsoftware | 1 Pdf Compressor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | |||||
| CVE-2017-12580 | 1 Ultraedit | 1 Ultraedit | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system. | |||||
| CVE-2017-12480 | 1 Sandboxie | 1 Sandboxie Installer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory. | |||||