CWE:
 

Topic
Date
Author
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
ArcServe UDP - Download Manager/Setup - DLL Hijacking
06.09.2016
sh4d0wman
High
ArcServe UDP - Unquoted Service Path Privilege Escalation
06.09.2016
sh4d0wman
Med.
Corel Software DLL Hijacking
14.01.2015
CORE
Med.
Karotz Smart Rabbit 12.07.19.00 Hijacking & Cleartext Token
02.08.2013
Daniel Crowley


CVEMAP Search Results

CVE
Details
Description
2020-11-06
Medium
CVE-2020-25174

Vendor: Bbraun
Software: Onlinesuite ...
 

 
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.

 
2020-10-28
Medium
CVE-2020-5145

Vendor: Sonicwall
Software: Global vpn c...
 

 
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.

 
2020-10-23
Medium
CVE-2020-5977

Vendor: Nvidia
Software: Geforce expe...
 

 
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

 
2020-09-10
Medium
CVE-2020-7312

Vendor: Mcafee
Software: Mcafee agent
 

 
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.

 
2020-09-03
Medium
CVE-2020-24162

Vendor: Tencent
Software: Tencent
 

 
The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.

 
2020-08-17
Medium
CVE-2020-3433

Vendor: Cisco
Software: Anyconnect s...
 

 
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

 
2020-08-14
Medium
CVE-2020-9767

Vendor: ZOOM
Software: Sharing service
 

 

 
2020-08-13
Medium
CVE-2020-7360

Vendor: Philips
Software: Smartcontrol
 

 
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)

 
Medium
CVE-2020-8687

Vendor: Intel
Software: Rste softwar...
 

 
Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access.

 
2020-08-11
Medium
CVE-2020-13177

Vendor: Teradici
Software: Graphics agent
 

 
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top