Total
1085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6592 | 1 Symantec | 1 Norton Download Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user. | |||||
| CVE-2016-5311 | 1 Symantec | 9 Endpoint Protection, Endpoint Protection Cloud, Norton 360 and 6 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. | |||||
| CVE-2015-1014 | 1 Schneider-electric | 3 Citectscada, Opc Factory Server, Scada Expert Vijeo Citect | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. | |||||
| CVE-2013-0725 | 1 Hexagongeospatial | 1 Erdas Er Viewer | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities | |||||
| CVE-2024-47942 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | N/A | 7.3 HIGH |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. | |||||
| CVE-2024-10093 | 1 Vso-software | 1 Convertxtodvd | 2024-11-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Affected is an unknown function in the library avcodec.dll of the file ConvertXtoDvd.exe. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-48605 | 1 Helakuru | 1 Helakuru | 2024-10-30 | N/A | 7.8 HIGH |
| An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. | |||||
| CVE-2024-49390 | 1 Acronis | 1 Cyber Files | 2024-10-18 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | |||||
| CVE-2024-49391 | 1 Acronis | 1 Cyber Files | 2024-10-18 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | |||||
| CVE-2024-30117 | 1 Hcltech | 1 Bigfix Platform | 2024-10-17 | N/A | 5.3 MEDIUM |
| A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | |||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-17 | N/A | 7.8 HIGH |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | |||||
| CVE-2024-4089 | 1 Lenovo | 1 Superfile | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-4130 | 1 Lenovo | 1 App Store | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-4131 | 1 Lenovo | 1 Emulator | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-4132 | 1 Lenovo | 1 Lock Screen | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-9046 | 1 Lenovo | 1 Starstudio | 2024-10-17 | N/A | 7.8 HIGH |
| A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | |||||
| CVE-2024-47194 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | N/A | 7.3 HIGH |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. | |||||
| CVE-2024-47195 | 1 Siemens | 2 Modelsim, Questa | 2024-10-16 | N/A | 7.3 HIGH |
| A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. | |||||
| CVE-2024-6510 | 1 Avg | 1 Internet Security | 2024-10-02 | N/A | 7.8 HIGH |
| Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. | |||||
| CVE-2024-34153 | 1 Intel | 1 Raid Web Console | 2024-09-23 | N/A | 7.8 HIGH |
| Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||