Low
CVSS: 3.7
A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized pa…
High
CVSS: 8.8
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation th…
High
CVSS: 8.5
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
High
CVSS: 8.5
RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code exec…
High
CVSS: 8.5
RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code exec…
High
CVSS: 8.5
RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
Medium
CVSS: 6.7
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious D…
High
CVSS: 8.6
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package.
This security issue has been fixed in the latest version of IPP wh…
High
CVSS: 8.2
NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.
High
CVSS: 8.8
Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46,…
Medium
CVSS: 6.7
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_…
High
CVSS: 8.4
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking th…
High
CVSS: 7.3
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
High
CVSS: 8.4
Installer of
Panasonic
AutoDownloader
version 1.2.8
contains an issue with the DLL search path, which may lead to loading
a crafted DLL file in the same directory.
Medium
CVSS: 6.7
NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data…
High
CVSS: 8.8
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
High
CVSS: 7.3
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386, Acronis True Image for Western Digital (Windows) before build 42636, Acronis True Image for…
High
CVSS: 8.4
Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a direc…
High
CVSS: 8.8
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6.
High
CVSS: 7.0
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files locat…