Total
498 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2313 | 1 Mcafee | 1 Agent | 2022-08-02 | N/A | 7.3 HIGH |
A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. | |||||
CVE-2022-36415 | 1 Scootersoftware | 1 Beyond Compare | 2022-08-01 | N/A | 7.8 HIGH |
A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges. | |||||
CVE-2022-32498 | 1 Dell | 1 Powerstore Command Line Interface | 2022-07-29 | N/A | 7.8 HIGH |
Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. | |||||
CVE-2021-45492 | 1 Sage | 1 Sage 300 | 2022-07-28 | N/A | 7.8 HIGH |
In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions and therefore inherits weak permissions from the C:\ folder. Because entries in the system-wide PATH variable are included in the search order for DLLs, an attacker could perform DLL search-order hijacking to escalate their privileges to SYSTEM. Furthermore, if the Global Search or Web Screens functionality is enabled, then privilege escalation is possible via the GlobalSearchService and Sage.CNA.WindowsService services, again via DLL search-order hijacking because unprivileged users would have modify permissions on the application directory. Note that while older versions of the software default to installing in %PROGRAMFILES(X86)% (which would allow the Sage folder to inherit strong permissions, making the installation not vulnerable), the official Sage 300 installation guides for those versions recommend installing in C:\Sage, which would make the installation vulnerable. | |||||
CVE-2022-34901 | 1 Parallels | 1 Parallels Access | 2022-07-27 | N/A | 7.8 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The service executes files from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16137. | |||||
CVE-2022-34900 | 1 Parallels | 1 Parallels Access | 2022-07-27 | N/A | 7.8 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Dispatcher service. The service loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15213. | |||||
CVE-2022-34902 | 1 Parallels | 1 Parallels Access | 2022-07-27 | N/A | 7.8 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787. | |||||
CVE-2019-20419 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-07-27 | 4.4 MEDIUM | 7.8 HIGH |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. | |||||
CVE-2021-43940 | 2 Atlassian, Microsoft | 3 Confluence Data Center, Confluence Server, Windows | 2022-07-27 | 6.9 MEDIUM | 7.8 HIGH |
Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. | |||||
CVE-2021-42923 | 2 Microsoft, Showmypc | 2 Windows, Showmypc | 2022-07-25 | N/A | 7.3 HIGH |
ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. The code will run with normal user privileges unless the user specifically runs ShowMyPC as administrator. | |||||
CVE-2020-15663 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-07-12 | 9.3 HIGH | 8.8 HIGH |
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. | |||||
CVE-2021-21999 | 1 Vmware | 3 App Volumes, Remote Console, Tools | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. | |||||
CVE-2021-22195 | 1 Gitlab | 1 Gitlab-vscode-extension | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | |||||
CVE-2021-44463 | 1 Emerson | 1 Deltav | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | |||||
CVE-2018-14797 | 1 Emerson | 1 Deltav | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | |||||
CVE-2017-20123 | 2 Microsoft, Sparklabs | 2 Windows, Viscosity | 2022-07-08 | 6.9 MEDIUM | 7.8 HIGH |
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2022-33037 | 1 Orwell-dev-cpp Project | 1 Orwell-dev-cpp | 2022-07-08 | 4.4 MEDIUM | 7.8 HIGH |
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-33036 | 1 Embarcadero | 1 Dev-c\+\+ | 2022-07-08 | 4.4 MEDIUM | 7.8 HIGH |
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-33035 | 1 Netsarang | 1 Xlpd | 2022-07-08 | 7.2 HIGH | 7.8 HIGH |
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
CVE-2020-15523 | 3 Microsoft, Netapp, Python | 3 Windows, Snapcenter, Python | 2022-07-05 | 6.9 MEDIUM | 7.8 HIGH |
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. |