Total: 702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3423 | 1 Bitdefender | 1 Gravityzone Business Security | 2021-05-25 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329. | |||||
| CVE-2020-24755 | 1 Ui | 1 Unifi Video | 2021-05-24 | 6.9 MEDIUM | 7.8 HIGH |
| In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested on Windows 7 x64 and Windows 10 x64. | |||||
| CVE-2020-0515 | 1 Intel | 1 Graphics Driver | 2021-05-19 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-3464 | 1 Lenovo | 1 Pcmanager | 2021-05-06 | 7.2 HIGH | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. | |||||
| CVE-2021-21545 | 1 Dell | 1 Peripheral Manager | 2021-04-26 | 7.2 HIGH | 7.8 HIGH |
| Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. | |||||
| CVE-2020-7585 | 1 Siemens | 4 Simatic Pcs 7, Simatic Process Device Manager, Simatic Step 7 and 1 more | 2021-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. | |||||
| CVE-2021-28647 | 1 Trendmicro | 1 Password Manager | 2021-04-14 | 4.4 MEDIUM | 7.8 HIGH |
| Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. | |||||
| CVE-2021-22665 | 1 Rockwellautomation | 2 Drivetools Add-on Profiles, Drivetools Sp | 2021-03-25 | 7.2 HIGH | 7.8 HIGH |
| Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | |||||
| CVE-2020-9367 | 1 Zohocorp | 1 Manageengine Desktop Central | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. | |||||
| CVE-2020-6790 | 1 Bosch | 1 Video Streaming Gateway | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. | |||||
| CVE-2020-6771 | 1 Bosch | 1 Ip Helper | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application. | |||||
| CVE-2020-6785 | 1 Bosch | 5 Divar Ip 7000 R2, Divar Ip All-in-one 5000, Divar Ip All-in-one 7000 and 2 more | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. | |||||
| CVE-2020-6786 | 1 Bosch | 1 Video Recording Manager | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
| CVE-2020-6787 | 1 Bosch | 1 Video Client | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
| CVE-2020-6788 | 1 Bosch | 1 Configuration Manager | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
| CVE-2020-6789 | 1 Bosch | 1 Monitor Wall | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | |||||
| CVE-2021-20674 | 1 Ntt-tx | 1 Magicconnect | 2021-03-19 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of the MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote Desktop. | |||||
| CVE-2021-21518 | 1 Dell | 3 Supportassist Client Promanage, Supportassist For Business Pcs, Supportassist For Home Pcs | 2021-03-19 | 7.2 HIGH | 7.8 HIGH |
| Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with SYSTEM privileges. | |||||
| CVE-2020-24451 | 1 Intel | 1 Optane Dc Persistent Memory Module Management | 2021-02-23 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-25247 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2021-02-03 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL hijacking vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability. | |||||
