Total
757 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6891 | 1 Peazip | 1 Peazip | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in PeaZip 9.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library dragdropfilesdll.dll of the component Library Handler. The manipulation leads to uncontrolled search path. An attack has to be approached locally. Upgrading to version 9.6.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248251. NOTE: Vendor was contacted early, confirmed the existence of the flaw and immediately worked on a patched release. | |||||
| CVE-2023-6401 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6338 | 1 Lenovo | 1 Universal Device Client | 2024-11-21 | N/A | 7.8 HIGH |
| Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | |||||
| CVE-2023-6132 | 2024-11-21 | N/A | 7.3 HIGH | ||
| The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL. | |||||
| CVE-2023-6061 | 1 Iconics | 1 Iconics Suite | 2024-11-21 | N/A | 6.6 MEDIUM |
| Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll | |||||
| CVE-2023-5463 | 1 Xinje | 1 Xdppro | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51711 | 1 Regify | 1 Regipay | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | |||||
| CVE-2023-51710 | 2024-11-21 | N/A | 4.2 MEDIUM | ||
| EMS SQL Manager 3.6.2 (build 55333) for Oracle allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | |||||
| CVE-2023-4936 | 1 Synaptics | 1 Displaylink Usb Graphics | 2024-11-21 | N/A | 5.5 MEDIUM |
| It is possible to sideload a compromised DLL during the installation at elevated privilege. | |||||
| CVE-2023-4931 | 1 Plesk | 1 Plesk | 2024-11-21 | N/A | 6.3 MEDIUM |
| Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. | |||||
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | |||||
| CVE-2023-48861 | 2 Baidu, Microsoft | 2 Ttplayer, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | |||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. | |||||
| CVE-2023-47454 | 1 Netease | 1 Cloudmusic | 2024-11-21 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | |||||
| CVE-2023-47453 | 1 Sohu | 1 Video Player | 2024-11-21 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | |||||
| CVE-2023-47452 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-11-21 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. | |||||
| CVE-2023-47113 | 2 Bleachbit, Microsoft | 2 Bleachbit, Windows | 2024-11-21 | N/A | 7.3 HIGH |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | |||||
| CVE-2023-46814 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2024-11-21 | N/A | 7.8 HIGH |
| A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | |||||
| CVE-2023-45743 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-45320 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||