Export limit exceeded: 361517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2560 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8090 | 1 Quickheal | 3 Antivirus Pro, Internet Security, Total Security | 2024-11-21 | 7.8 High |
| Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading. | ||||
| CVE-2018-7884 | 1 Displaylink | 1 Core Software Cleaner | 2024-11-21 | N/A |
| An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM. | ||||
| CVE-2018-7840 | 1 Pelco | 1 Videoxpert Opscenter | 2024-11-21 | N/A |
| A Uncontrolled Search Path Element (CWE-427) vulnerability exists in VideoXpert OpsCenter versions prior to 3.1 which could allow an attacker to cause the system to call an incorrect DLL. | ||||
| CVE-2018-7799 | 1 Schneider-electric | 1 Software Update Utility | 2024-11-21 | N/A |
| A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | ||||
| CVE-2018-7526 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2024-11-21 | N/A |
| In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. | ||||
| CVE-2018-7484 | 1 Purevpn | 1 Purevpn | 2024-11-21 | N/A |
| An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking. | ||||
| CVE-2018-7365 | 1 Zte | 2 Usmartview, Zxcloud Irai | 2024-11-21 | N/A |
| All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. | ||||
| CVE-2018-7239 | 1 Schneider-electric | 13 Atv12 Dtm, Atv212 Dtm, Atv312 Dtm and 10 more | 2024-11-21 | N/A |
| A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. | ||||
| CVE-2018-6766 | 1 Swisscom | 1 Tvmediahelper | 2024-11-21 | N/A |
| Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. | ||||
| CVE-2018-6765 | 1 Swisscom | 1 Myswisscomassistant | 2024-11-21 | N/A |
| Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, IPHLPAPI.DLL, WindowsCodecs.dll, RpcRtRemote.dll, CRYPTSP.dll, rasadhlp.dll, DNSAPI.dll, ntmarta.dll, netbios.dll, olepro32.dll, security.dll, winhttp.dll, WINSTA.dll) loaded by the MySwisscomAssistant_Setup.exe process. | ||||
| CVE-2018-6700 | 1 Mcafee | 1 True Key | 2024-11-21 | 7.8 High |
| DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. | ||||
| CVE-2018-6669 | 1 Mcafee | 1 Application Change Control | 2024-11-21 | N/A |
| A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | ||||
| CVE-2018-6661 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 7.8 High |
| DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | ||||
| CVE-2018-6624 | 1 Omron | 7 Ns10, Ns12, Ns15 and 4 more | 2024-11-21 | N/A |
| OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. | ||||
| CVE-2018-6514 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2024-11-21 | N/A |
| In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | ||||
| CVE-2018-6513 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-11-21 | N/A |
| Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths. | ||||
| CVE-2018-6475 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | N/A |
| In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | ||||
| CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2024-11-21 | N/A |
| March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | ||||
| CVE-2018-6384 | 1 Nsclient | 1 Nsclient\+\+ | 2024-11-21 | N/A |
| Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder. | ||||
| CVE-2018-6321 | 1 Pandasecurity | 1 Panda Global Protection | 2024-11-21 | N/A |
| Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. | ||||