CWE:
 

Tytuł
Data
Autor
Med.
Microsoft SAFER Bypass
30.04.2021
Stefan Kanthak
Med.
Progea Movicon 11.5.1181 Search Path Issues
01.11.2017
Karn Ganeshen
Med.
ArcServe UDP - Download Manager/Setup - DLL Hijacking
06.09.2016
sh4d0wman
High
ArcServe UDP - Unquoted Service Path Privilege Escalation
06.09.2016
sh4d0wman
Med.
Corel Software DLL Hijacking
14.01.2015
CORE
Med.
Karotz Smart Rabbit 12.07.19.00 Hijacking & Cleartext Token
02.08.2013
Daniel Crowley


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-05-11
Waiting for details
CVE-2022-28247

Updating...
 

 
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. Exploitation of this issue requires user interaction in that a victim must run the uninstaller with Admin privileges.

 
2022-05-05
Medium
CVE-2022-28714

Vendor: F5
Software: Big-ip acces...
 

 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

 
2022-05-04
Medium
CVE-2021-20051

Vendor: Sonicwall
Software: Global vpn c...
 

 
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.

 
2022-05-03
Medium
CVE-2022-28792

Vendor: Samsung
Software: Gear iconx p...
 

 
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.

 
2022-04-12
Medium
CVE-2022-23449

Vendor: Siemens
Software: Simatic ener...
 

 
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.

 
Waiting for details
CVE-2022-24767

Updating...
 

 
Git for Windows is a fork of Git containing Windows-specific patches. Since part of Git for Windows' uninstaller is copied into the current user's temporary directory and run in that place, it is important to ensure that there are no malicious `.dll` file in that directory that might be loaded as part of loading the executable. However, the default system settings for `TMP` and `TEMP` are to point to `C:\Windows\Temp`, a folder that is world-writable (for historical reasons), and the SYSTEM user account inherits those settings. This means that any authenticated user can place malicious `.dll` files that are loaded when Git for Windows' uninstaller is run via the SYSTEM account. Fixes are available in Git for Windows v2.35.2 or newer. Users unable to upgrade may override SYSTEM's `TMP` environment variable to point to a directory exclusively under SYSTEM's control before running the uninstaller, clear `C:\Windows\Temp` of all `.dll` files before running the uninstaller, or run the uninstaller under an admin account rather than SYSTEM as a workaround.

 
Waiting for details
CVE-2022-24765

Updating...
 

 
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.

 
2022-04-11
Medium
CVE-2022-27842

Vendor: Samsung
Software: Smart switch pc
 

 
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.

 
Medium
CVE-2022-27843

Vendor: Samsung
Software: KIES
 

 
DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.

 
Medium
CVE-2022-28541

Vendor: Samsung
Software: Update
 

 
Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top