Total
498 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7093 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
CVE-2019-14684 | 1 Trendmicro | 1 Password Manager | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687. | |||||
CVE-2019-14687 | 1 Trendmicro | 1 Password Manager | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684. | |||||
CVE-2019-14242 | 2 Bitdefender, Microsoft | 5 Antivirus Plus, Endpoint Security Tool, Internet Security and 2 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges. | |||||
CVE-2020-11613 | 1 Mids' Reborn Hero Designer Project | 1 Mids' Reborn Hero Designer | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application. | |||||
CVE-2019-12177 | 1 Htc | 1 Viveport | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking. | |||||
CVE-2020-24578 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | |||||
CVE-2020-15724 | 1 360totalsecurity | 1 360 Total Security | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | |||||
CVE-2020-15723 | 1 360totalsecurity | 1 360 Total Security | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | |||||
CVE-2020-15722 | 1 360totalsecurity | 1 360 Total Security | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. | |||||
CVE-2020-26538 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | |||||
CVE-2020-26050 | 1 Safervpn | 1 Safervpn | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572. | |||||
CVE-2020-15596 | 1 Hp | 28 Elite X2 1012 G1, Elite X2 1012 G1 Firmware, Elite X2 1012 G2 and 25 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. | |||||
CVE-2019-17665 | 1 Nsa | 1 Ghidra | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory. | |||||
CVE-2020-10649 | 2 Asus, Microsoft | 2 Device Activation, Windows 10 | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | |||||
CVE-2019-17093 | 2 Avast, Avg | 2 Antivirus, Anti-virus | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0. | |||||
CVE-2019-16407 | 1 Jetbrains | 1 Resharper | 2021-07-21 | 4.4 MEDIUM | 7.3 HIGH |
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability. | |||||
CVE-2020-24356 | 1 Cloudflare | 1 Cloudflared | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue. | |||||
CVE-2019-14686 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus + Security 2019, Internet Security 2019 and 3 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges. | |||||
CVE-2020-24161 | 1 163 | 1 Netease Mail Master | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. |