Export limit exceeded: 362635 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25366 1 Cryptomator 1 Cryptomator 2024-11-21 7.8 High
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.
CVE-2022-25348 2 Hibara, Microsoft 2 Attachecase, Windows 2024-11-21 7.8 High
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
CVE-2022-25255 4 Linux, Opengroup, Qt and 1 more 4 Linux Kernel, Unix, Qt and 1 more 2024-11-21 7.8 High
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
CVE-2022-25154 1 Samsung 2 T5, T5 Firmware 2024-11-21 7.3 High
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)
CVE-2022-25031 1 Rdpsoft 1 Remote Desktop Commander Suite Agent 2024-11-21 7.8 High
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-24955 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2024-11-21 9.8 Critical
Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files.
CVE-2022-24932 2 Google, Samsung 2 Android, Cloud 2024-11-21 4.2 Medium
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.
CVE-2022-24767 2 Git For Windows Project, Microsoft 4 Git For Windows, Visual Studio 2017, Visual Studio 2019 and 1 more 2024-11-21 7.8 High
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
CVE-2022-24426 1 Dell 3 Alienware Update, Command Update, Update 2024-11-21 7.8 High
Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
CVE-2022-24077 1 Naver 1 Cloud Explorer 2024-11-21 7.8 High
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
CVE-2022-23909 2 Gimmal, Microsoft 2 Sherpa Connector Service, Windows 2024-11-21 7.8 High
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
CVE-2022-23853 1 Kde 2 Kate, Ktexteditor 2024-11-21 7.8 High
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.
CVE-2022-23607 2 Debian, Twistedmatrix 2 Debian Linux, Treq 2024-11-21 6.5 Medium
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain., e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade Instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it.
CVE-2022-23449 1 Siemens 2 Simatic Energy Manager Basic, Simatic Energy Manager Pro 2024-11-21 7.3 High
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.
CVE-2022-23410 1 Axis 1 Ip Utility 2024-11-21 7.8 High
AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder.
CVE-2022-23401 1 Yokogawa 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more 2024-11-21 7.8 High
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVE-2022-23050 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 7.2 High
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
CVE-2022-22996 1 Westerndigital 2 Sandisk Professional G-raid 4\/8 Software Utility, Sandisk Professional G-raid 4\/8 Software Utility Driver 2024-11-21 7.8 High
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.
CVE-2022-22943 1 Vmware 1 Tools 2024-11-21 6.7 Medium
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.
CVE-2022-22788 1 Zoom 2 Meetings, Rooms 2024-11-21 7.1 High
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.