Total
599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24767 | 2 Git For Windows Project, Microsoft | 4 Git For Windows, Visual Studio 2017, Visual Studio 2019 and 1 more | 2023-12-13 | 6.9 MEDIUM | 7.8 HIGH |
| GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | |||||
| CVE-2020-25244 | 1 Siemens | 1 Logo\! Soft Comfort | 2023-12-12 | 7.2 HIGH | 8.4 HIGH |
| A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). The software insecurely loads libraries which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed. | |||||
| CVE-2023-48861 | 2 Baidu, Microsoft | 2 Ttplayer, Windows | 2023-12-11 | N/A | 7.8 HIGH |
| DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | |||||
| CVE-2023-28740 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2023-12-10 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-41790 | 1 Artica | 1 Pandora Fms | 2023-12-10 | N/A | 9.8 CRITICAL |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. | |||||
| CVE-2023-47454 | 1 Netease | 1 Cloudmusic | 2023-12-10 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. | |||||
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | |||||
| CVE-2023-29069 | 1 Autodesk | 1 Desktop Connector | 2023-12-10 | N/A | 7.8 HIGH |
| A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability. | |||||
| CVE-2023-0898 | 1 Ge | 1 Micom S1 Agile | 2023-12-10 | N/A | 7.3 HIGH |
| General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | |||||
| CVE-2023-45252 | 2 Huddly, Microsoft | 2 Huddlycameraservice, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. | |||||
| CVE-2023-47453 | 1 Sohu | 1 Video Player | 2023-12-10 | N/A | 7.8 HIGH |
| An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. | |||||
| CVE-2023-27513 | 1 Intel | 1 Server Information Retrieval Utility | 2023-12-10 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-46814 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2023-12-10 | N/A | 7.8 HIGH |
| A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | |||||
| CVE-2023-41787 | 1 Artica | 1 Pandora Fms | 2023-12-10 | N/A | 7.5 HIGH |
| Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. | |||||
| CVE-2023-47113 | 2 Bleachbit, Microsoft | 2 Bleachbit, Windows | 2023-12-10 | N/A | 7.3 HIGH |
| BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | |||||
| CVE-2023-4931 | 1 Plesk | 1 Plesk | 2023-12-10 | N/A | 7.8 HIGH |
| Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. | |||||
| CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
| CVE-2023-29504 | 1 Intel | 1 Realsense D400 Series Dynamic Calibration Tool | 2023-12-10 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22818 | 1 Westerndigital | 1 Sandisk Security Installer | 2023-12-10 | N/A | 7.8 HIGH |
| Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host. | |||||
| CVE-2023-34350 | 1 Intel | 1 Extreme Tuning Utility | 2023-12-10 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||