Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5676 | 2 Microsoft, Nvidia | 3 Windows, Geforce Experience, Gpu Display Driver | 2024-08-04 | 6.7 Medium |
| NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. | ||||
| CVE-2019-5694 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-08-04 | 6.5 Medium |
| NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access. | ||||
| CVE-2019-5701 | 1 Nvidia | 1 Geforce Experience | 2024-08-04 | 7.8 High |
| NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution. | ||||
| CVE-2019-5695 | 2 Microsoft, Nvidia | 3 Windows, Geforce Experience, Gpu Driver | 2024-08-04 | 6.5 Medium |
| NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. | ||||
| CVE-2019-5539 | 2 Microsoft, Vmware | 3 Windows, Horizon View Agent, Workstation | 2024-08-04 | 7.8 High |
| VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed. | ||||
| CVE-2019-5526 | 1 Vmware | 1 Workstation | 2024-08-04 | N/A |
| VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed. | ||||
| CVE-2019-5443 | 4 Haxx, Microsoft, Netapp and 1 more | 10 Curl, Windows, Oncommand Insight and 7 more | 2024-08-04 | 7.8 High |
| A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. | ||||
| CVE-2019-5245 | 1 Huawei | 1 Hisuite | 2024-08-04 | N/A |
| HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. | ||||
| CVE-2019-3881 | 2 Bundler, Redhat | 3 Bundler, Enterprise Linux, Rhel Software Collections | 2024-08-04 | 7.8 High |
| Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. | ||||
| CVE-2019-3667 | 1 Mcafee | 1 Techcheck | 2024-08-04 | 6.6 Medium |
| DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | ||||
| CVE-2020-35483 | 1 Anydesk | 1 Anydesk | 2024-08-04 | 7.8 High |
| AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. | ||||
| CVE-2020-35145 | 1 Acronis | 1 True Image | 2024-08-04 | 7.8 High |
| Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | ||||
| CVE-2020-29654 | 1 Westerndigital | 1 Dashboard | 2024-08-04 | 7.8 High |
| Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. | ||||
| CVE-2020-29157 | 1 Raonwiz | 1 Raon K Editor | 2024-08-04 | 7.8 High |
| An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | ||||
| CVE-2020-28950 | 1 Kaspersky | 1 Anti-ransomware Tool | 2024-08-04 | 7.8 High |
| The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process. | ||||
| CVE-2020-28646 | 1 Owncloud | 1 Owncloud Desktop Client | 2024-08-04 | 7.8 High |
| ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | ||||
| CVE-2020-28369 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-08-04 | 7.8 High |
| In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. | ||||
| CVE-2020-27955 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2024-08-04 | 9.8 Critical |
| Git LFS 2.12.0 allows Remote Code Execution. | ||||
| CVE-2020-27708 | 1 Ea | 1 Origin | 2024-08-04 | 7.8 High |
| A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators. | ||||
| CVE-2020-26947 | 1 Getmonero | 1 Monero | 2024-08-04 | 7.8 High |
| monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. | ||||