Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24424 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2021-09-08 | 6.9 MEDIUM | 7.8 HIGH |
| Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-20856 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2021-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | |||||
| CVE-2020-3803 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-7962 | 3 Adobe, Apple, Microsoft | 3 Illustrator Cc, Macos, Windows | 2021-09-08 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe Illustrator CC versions 23.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-7960 | 3 Adobe, Apple, Microsoft | 3 Animate Cc, Macos, Windows | 2021-09-08 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2021-20793 | 1 Sony | 2 Audio Usb Driver, Hap Music Transfer | 2021-09-01 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-28636 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 8.5 HIGH | 7.3 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28594 | 1 Adobe | 1 Creative Cloud Desktop Application | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28595 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-08-30 | 9.3 HIGH | 7.8 HIGH |
| Adobe Dimension version 3.4 (and earlier) is affected by an Uncontrolled Search Path Element element. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-0160 | 1 Intel | 6 Avermedia Capture Card, Nuc Pro Chassis Element Cmcm2fb, Nuc Pro Chassis Element Cmcm2fbav and 3 more | 2021-08-20 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-36753 | 1 Bat Project | 1 Bat | 2021-08-17 | 4.6 MEDIUM | 7.8 HIGH |
| sharkdp BAT before 0.18.2 executes less.exe from the current working directory. | |||||
| CVE-2021-38571 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-08-12 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502. | |||||
| CVE-2021-32580 | 1 Acronis | 1 True Image | 2021-08-12 | 4.4 MEDIUM | 7.8 HIGH |
| Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. | |||||
| CVE-2018-11049 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2021-08-06 | 6.9 MEDIUM | 7.3 HIGH |
| RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system. | |||||
| CVE-2020-4623 | 2 Ibm, Microsoft | 2 I2 Ibase, Windows | 2021-08-04 | 4.4 MEDIUM | 6.5 MEDIUM |
| IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984. | |||||
| CVE-2020-18173 | 1 1password | 1 1password | 2021-08-04 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | |||||
| CVE-2020-5316 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2021-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. | |||||
| CVE-2021-1089 | 1 Nvidia | 1 Gpu Display Driver | 2021-07-30 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | |||||
| CVE-2021-3550 | 1 Lenovo | 1 Pcmanager | 2021-07-27 | 4.6 MEDIUM | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. | |||||
| CVE-2020-11634 | 1 Zscaler | 1 Client Connector | 2021-07-27 | 6.9 MEDIUM | 7.8 HIGH |
| The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. | |||||