Total
702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42101 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identical to CVE-2021-42103. | |||||
| CVE-2018-16177 | 2 Microsoft, Ntt-west | 2 Windows 10, Fall Creators Update | 2021-10-18 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-28130 | 2 Drweb, Microsoft | 2 Security Space, Windows | 2021-10-06 | 4.4 MEDIUM | 7.8 HIGH |
| Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters. | |||||
| CVE-2021-32466 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2021-10-02 | 6.9 MEDIUM | 7.0 HIGH |
| An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2021-40981 | 1 Asus | 1 Armoury Crate Lite Service | 2021-10-01 | 4.4 MEDIUM | 7.3 HIGH |
| ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. | |||||
| CVE-2021-26750 | 1 Pandasecurity | 2 Panda Adaptive Defense 360, Panda Devices Agent | 2021-09-30 | 4.4 MEDIUM | 7.8 HIGH |
| DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. | |||||
| CVE-2021-38086 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2021-09-23 | 4.4 MEDIUM | 7.8 HIGH |
| Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. | |||||
| CVE-2021-36216 | 1 Linecorp | 1 Line | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. | |||||
| CVE-2020-5324 | 1 Dell | 226 G3 15 3590, G3 15 3590 Firmware, G3 3579 and 223 more | 2021-09-14 | 2.6 LOW | 4.4 MEDIUM |
| Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. | |||||
| CVE-2018-8090 | 1 Quickheal | 3 Antivirus Pro, Internet Security, Total Security | 2021-09-13 | 6.8 MEDIUM | 7.8 HIGH |
| Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading. | |||||
| CVE-2021-22775 | 1 Schneider-electric | 1 Gp-pro Ex | 2021-09-10 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. | |||||
| CVE-2020-24425 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2021-09-08 | 7.2 HIGH | 7.8 HIGH |
| Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges. | |||||
| CVE-2020-24424 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2021-09-08 | 6.9 MEDIUM | 7.8 HIGH |
| Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-20856 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2021-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | |||||
| CVE-2020-3803 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-7962 | 3 Adobe, Apple, Microsoft | 3 Illustrator Cc, Macos, Windows | 2021-09-08 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-7960 | 3 Adobe, Apple, Microsoft | 3 Animate Cc, Macos, Windows | 2021-09-08 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2021-20793 | 1 Sony | 2 Audio Usb Driver, Hap Music Transfer | 2021-09-01 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-28636 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 8.5 HIGH | 7.3 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28594 | 1 Adobe | 1 Creative Cloud Desktop Application | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||