Total
832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1237 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. | |||||
| CVE-2021-1089 | 1 Nvidia | 1 Gpu Display Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | |||||
| CVE-2021-0169 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0160 | 1 Intel | 6 Avermedia Capture Card, Nuc Pro Chassis Element Cmcm2fb, Nuc Pro Chassis Element Cmcm2fbav and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0108 | 1 Intel | 1 Unite | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0104 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0090 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-0082 | 1 Intel | 30 7265, 7265 Firmware, Ac1550 and 27 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0057 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-9858 | 1 Apple | 1 Windows Migration Assistant | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. | |||||
| CVE-2020-9767 | 1 Zoom | 1 Sharing Service | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. | |||||
| CVE-2020-9724 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-9681 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-11-21 | 4.4 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction. | |||||
| CVE-2020-9667 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | |||||
| CVE-2020-9367 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. | |||||
| CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-9100 | 1 Huawei | 1 Hisuite | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. | |||||
| CVE-2020-8959 | 1 Westerndigital | 2 Sandiskssddashboardsetup.exe, Westerndigitalssddashboardsetup.exe | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. | |||||
| CVE-2020-8702 | 1 Intel | 1 Processor Diagnostic Tool | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||