| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. |
| Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. |
| Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. |
| On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. |
| EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). |
| Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. |
| Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. |
| In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. |
| DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. |
| A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. |
| BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. |
| Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. |
| FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. |
