Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21545 | 1 Dell | 1 Peripheral Manager | 2024-09-16 | 7.8 High |
| Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. | ||||
| CVE-2020-6786 | 1 Bosch | 1 Video Recording Manager | 2024-09-16 | 7.8 High |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | ||||
| CVE-2019-4588 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-09-16 | 7.8 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. | ||||
| CVE-2020-12891 | 1 Amd | 2 Radeon Pro Software, Radeon Software | 2024-09-16 | 7.8 High |
| AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. | ||||
| CVE-2021-21011 | 2 Adobe, Microsoft | 2 Captivate, Windows | 2024-09-16 | 7 High |
| Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges. | ||||
| CVE-2019-4473 | 1 Ibm | 1 Java | 2024-09-16 | 7.8 High |
| Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. | ||||
| CVE-2021-34606 | 1 Xinje | 1 Xd\/e Series Plc Program Tool | 2024-09-16 | 7.3 High |
| A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account. | ||||
| CVE-2018-12163 | 1 Intel | 1 Iot Developers Kit | 2024-09-16 | N/A |
| A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access. | ||||
| CVE-2022-28714 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-09-16 | 7.3 High |
| On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2020-27348 | 1 Canonical | 2 Snapcraft, Ubuntu Linux | 2024-09-16 | 6.8 Medium |
| In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1. | ||||
| CVE-2022-23202 | 1 Adobe | 1 Creative Cloud Desktop Application | 2024-09-16 | 7 High |
| Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a malicious DLL file. The attacker has to deliver the DLL on the same folder as the installer which makes it as a high complexity attack vector. | ||||
| CVE-2020-24422 | 1 Adobe | 1 Creative Cloud | 2024-09-16 | 7 High |
| Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2017-12653 | 1 360totalsecurity | 1 360 Total Security | 2024-09-16 | N/A |
| 360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory. | ||||
| CVE-2021-28636 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2024-09-16 | 7.3 High |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2019-1794 | 1 Cisco | 1 Meeting Server | 2024-09-16 | 5.1 Medium |
| A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources. | ||||
| CVE-2020-6787 | 1 Bosch | 1 Video Client | 2024-09-16 | 7.8 High |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | ||||
| CVE-2022-33921 | 1 Dell | 1 Geodrive | 2024-09-16 | 7 High |
| Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | ||||
| CVE-2024-8441 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 6.7 Medium |
| An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | ||||
| CVE-2024-29015 | 1 Intel | 2 Oneapi Base Toolkit, Vtune Profiler | 2024-09-12 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28887 | 1 Intel | 3 Integrated Performance Primitives, Ipp Software, Oneapi Base Toolkit | 2024-09-12 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||