Total
589 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5996 | 1 Beyondtrust | 1 Remote Support | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. | |||||
| CVE-2017-12313 | 1 Cisco | 1 Packet Tracer | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. | |||||
| CVE-2017-11158 | 2 Microsoft, Synology | 2 Windows, Cloud Station Drive | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | |||||
| CVE-2017-2212 | 1 Gsi | 1 Tky2jgd | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2191 | 1 Sharp | 2 Rw-5100 Driver Installer For Windows 7, Rw-5100 Driver Installer For Windows 8.1 | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2230 | 1 Nilim | 1 Road Construction Completion Diagram Check Program | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-4939 | 1 Vmware | 1 Workstation | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. | |||||
| CVE-2017-2226 | 1 Nta | 1 E-tax | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-17069 | 2 Amazon, Microsoft | 2 Audible, Windows | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. | |||||
| CVE-2017-2108 | 1 Softbank | 1 Primedrive Desktop Application | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-10885 | 1 Sbisec | 1 Hyper Sbi | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-10824 | 1 Teikoku Databank | 1 Type A | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-11397 | 1 Trendmicro | 1 Encryption For Email | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | |||||
| CVE-2016-8746 | 1 Apache | 1 Ranger | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | |||||
| CVE-2017-2190 | 1 Sharp | 1 Rw-4040 | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2149 | 1 Toshiba | 1 Flashair | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2253 | 1 Yahoo | 1 Toolbar | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2265 | 1 Resume-next | 1 Filecapsule Deluxe Portable | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2232 | 1 Moj | 1 Shinseiyo Sogo Soft | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-1144 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | 1.9 LOW | 2.5 LOW |
| IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | |||||