Vulnerabilities (CVE)

CWE filter

CWE-426

Filter

287 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3745 2019-10-11 6.9
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an...
CVE-2019-8461 1 Checkpoint 1 Endpoint Security 2019-10-09 6.8
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted...
CVE-2019-6826 1 Schneider-electric 1 Somachine Hvac 2019-10-09 6.8
A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.
CVE-2019-6165 1 Lenovo 2 Yoga 700-11isk Firmware, Yoga 700-14isk Firmware 2019-10-09 6.8
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build...
CVE-2019-6154 2019-10-09 6.8
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
CVE-2019-5631 1 Rapid7 1 Insightappsec 2019-10-09 9.3
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their...
CVE-2019-3646 1 Mcafee 1 Total Protection 2019-10-09 6.0
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an...
CVE-2019-3587 2019-10-09 6.8
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
CVE-2019-10971 1 Omron 1 Network Configurator For Devicenet Safety 2019-10-09 6.8
The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended...
CVE-2018-7365 1 Zte 2 Usmartview, Zxcloud Irai 2019-10-09 6.5
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
CVE-2018-6700 2019-10-09 6.8
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
CVE-2018-6661 1 Mcafee 1 True Key 2019-10-09 6.8
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
CVE-2018-5470 1 Philips 1 Intellispace Portal 2019-10-09 7.2
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
CVE-2018-1888 1 Ibm 1 I Access 2019-10-09 6.8
An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM...
CVE-2018-1802 1 Ibm 1 Db2 2019-10-09 4.6
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious...
CVE-2018-1487 1 Ibm 1 Db2 2019-10-09 4.6
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious...
CVE-2018-1458 1 Ibm 1 Db2 2019-10-09 6.8
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.
CVE-2018-1437 1 Ibm 1 Notes 2019-10-09 9.3
IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on...
CVE-2018-1435 1 Ibm 1 Notes 2019-10-09 6.8
IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.
CVE-2018-12449 1 Navercorp 1 Whale 2019-10-09 6.8
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.