Total
498 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20769 | 1 Lg | 2 G3, Pc Suite | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019). | |||||
| CVE-2019-20358 | 2 Microsoft, Trendmicro | 2 Windows, Anti-threat Toolkit | 2021-07-21 | 5.1 MEDIUM | 7.8 HIGH |
| Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. | |||||
| CVE-2020-5821 | 1 Symantec | 1 Endpoint Protection | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. | |||||
| CVE-2020-5674 | 2 Epson, Microsoft | 37 Album Print, Color Calibration Utility, Colorbase and 34 more | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2019-19235 | 2 Asus, Microsoft | 2 Atk Package, Windows 10 | 2021-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name. | |||||
| CVE-2020-3979 | 2 Installbuilder, Microsoft | 2 Installbuilder, Windows | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer. | |||||
| CVE-2019-18670 | 1 Acer | 1 Quick Access | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll. | |||||
| CVE-2020-35145 | 1 Acronis | 1 True Image | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | |||||
| CVE-2019-18215 | 1 Comodo | 1 Comodo Internet Security | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged service before the binary signature validation logic is loaded, and might bypass some of the self-defense mechanisms. | |||||
| CVE-2020-27708 | 1 Ea | 1 Origin | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators. | |||||
| CVE-2020-26894 | 2 Faulknermedia, Microsoft | 2 Wildlife Issues In The New Millennium, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe". | |||||
| CVE-2019-5245 | 1 Huawei | 1 Hisuite | 2021-07-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. | |||||
| CVE-2020-9724 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-7931 | 1 Adobe | 1 Premiere Pro Cc | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7365 | 1 Autodesk | 1 Autodesk Desktop | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system. | |||||
| CVE-2020-9100 | 1 Huawei | 1 Hisuite | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. | |||||
| CVE-2019-7956 | 2 Adobe, Microsoft | 2 Dreamweaver, Windows | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. | |||||
| CVE-2019-7961 | 1 Adobe | 1 Prelude Cc | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-8062 | 1 Adobe | 1 After Effects | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7362 | 1 Autodesk | 1 Design Review | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution. | |||||