Total
498 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24160 | 1 Tencent | 1 Tim | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. | |||||
| CVE-2020-24159 | 1 163 | 1 Netease Youdao Dictionary | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. | |||||
| CVE-2020-24158 | 1 360 | 1 Speed Browser | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. | |||||
| CVE-2020-29157 | 1 Raonwiz | 1 Raon K Editor | 2021-07-20 | 6.9 MEDIUM | 7.8 HIGH |
| An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | |||||
| CVE-2021-36376 | 2 Delta Project, Microsoft | 2 Delta, Windows | 2021-07-16 | 4.4 MEDIUM | 7.8 HIGH |
| dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory. | |||||
| CVE-2021-35957 | 1 Stormshield | 1 Endpoint Security | 2021-07-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones. | |||||
| CVE-2021-3613 | 1 Openvpn | 1 Connect | 2021-07-09 | 4.4 MEDIUM | 7.8 HIGH |
| OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe). | |||||
| CVE-2021-3606 | 2 Microsoft, Openvpn | 2 Windows, Openvpn | 2021-07-09 | 4.4 MEDIUM | 7.8 HIGH |
| OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). | |||||
| CVE-2021-28570 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-07-02 | 9.3 HIGH | 8.6 HIGH |
| Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | |||||
| CVE-2021-29949 | 1 Mozilla | 1 Thunderbird | 2021-06-30 | 4.4 MEDIUM | 7.8 HIGH |
| When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. | |||||
| CVE-2021-21070 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2021-06-28 | 9.3 HIGH | 6.5 MEDIUM |
| Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges. | |||||
| CVE-2020-9667 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2021-06-28 | 6.9 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | |||||
| CVE-2021-0104 | 1 Intel | 1 Rapid Storage Technology | 2021-06-28 | 4.4 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0090 | 1 Intel | 1 Driver \& Support Assistant | 2021-06-23 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-3041 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version. | |||||
| CVE-2020-8702 | 1 Intel | 1 Processor Diagnostic Tool | 2021-06-22 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-23023 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-06-22 | 6.9 MEDIUM | 7.8 HIGH |
| On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-0108 | 1 Intel | 1 Unite | 2021-06-22 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-31840 | 1 Mcafee | 1 Mcafee Agent | 2021-06-21 | 4.4 MEDIUM | 7.3 HIGH |
| A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code. | |||||
| CVE-2021-0057 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2021-06-17 | 4.4 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||