Total
866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47636 | 1 Outsystems | 1 Service Studio | 2024-11-21 | 7.8 High |
| A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user. | ||||
| CVE-2022-47632 | 2 Microsoft, Razer | 2 Windows, Synapse | 2024-11-21 | 6.8 Medium |
| Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows. | ||||
| CVE-2022-46330 | 1 Squirrel.windows Project | 1 Squirrel.windows | 2024-11-21 | 7.8 High |
| Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. | ||||
| CVE-2022-45422 | 1 Lg | 1 Smart Share | 2024-11-21 | 7.8 High |
| When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. | ||||
| CVE-2022-44939 | 1 Echatserver | 1 Easy Chat Server | 2024-11-21 | 7.8 High |
| Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | ||||
| CVE-2022-44744 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-43751 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.8 High |
| McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an unprivileged user. This may have allowed the unprivileged user to execute arbitrary code with system privileges. | ||||
| CVE-2022-43722 | 1 Siemens | 1 Sicam Pas\/pqs | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | ||||
| CVE-2022-43456 | 2 Intel, Intel Rst Software | 2 Rapid Storage Technology, Intel Rst Software | 2024-11-21 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-43310 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 7.8 High |
| An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | ||||
| CVE-2022-42945 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.8 High |
| DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system. | ||||
| CVE-2022-41796 | 1 Sony | 1 Content Transfer | 2024-11-21 | 7.8 High |
| Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2022-41141 | 1 Windscribe | 1 Windscribe | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859. | ||||
| CVE-2022-40978 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking | ||||
| CVE-2022-40746 | 2 Ibm, Microsoft | 2 I Access Client Solutions, Windows | 2024-11-21 | 7.2 High |
| IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. | ||||
| CVE-2022-3859 | 1 Trellix | 1 Agent | 2024-11-21 | 6.7 Medium |
| An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there. | ||||
| CVE-2022-39846 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | 6.2 Medium |
| DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | ||||
| CVE-2022-39286 | 3 Debian, Fedoraproject, Jupyter | 3 Debian Linux, Fedora, Jupyter Core | 2024-11-21 | 8.8 High |
| Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2022-38633 | 1 Genymobile | 1 Genymotion Desktop | 2024-11-21 | 7.8 High |
| Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. | ||||
| CVE-2022-38395 | 1 Hp | 2 Fusion, Support Assistant | 2024-11-21 | 7.8 High |
| HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up. | ||||