Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30359 | 2 Checkpoint, Microsoft | 3 Harmony Browse, Sandblast Agent For Browsers, Windows | 2024-08-03 | 7.8 High |
| The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges. | ||||
| CVE-2021-29949 | 2 Mozilla, Redhat | 3 Thunderbird, Enterprise Linux, Rhel Eus | 2024-08-03 | 7.8 High |
| When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. | ||||
| CVE-2021-28954 | 2 Bit Project, Microsoft | 2 Bit, Windows | 2024-08-03 | 7.8 High |
| In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. | ||||
| CVE-2021-28955 | 1 Git-bug Project | 1 Git-bug | 2024-08-03 | 9.8 Critical |
| git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). | ||||
| CVE-2021-28953 | 1 C\/c\+\+ Advanced Lint Project | 1 C\/c\+\+ Advanced Lint | 2024-08-03 | 7.8 High |
| The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. | ||||
| CVE-2021-28647 | 1 Trendmicro | 1 Password Manager | 2024-08-03 | 7.8 High |
| Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. | ||||
| CVE-2021-28098 | 1 Forescout | 1 Counteract | 2024-08-03 | 7.8 High |
| An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking. | ||||
| CVE-2021-28130 | 2 Drweb, Microsoft | 2 Security Space, Windows | 2024-08-03 | 7.8 High |
| Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters. | ||||
| CVE-2021-26750 | 1 Pandasecurity | 2 Panda Adaptive Defense 360, Panda Devices Agent | 2024-08-03 | 7.8 High |
| DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. | ||||
| CVE-2021-25694 | 1 Teradici | 1 Pcoip Graphics Agent | 2024-08-03 | 7.8 High |
| Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere. | ||||
| CVE-2021-25247 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-08-03 | 7.8 High |
| A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability. | ||||
| CVE-2021-23023 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-08-03 | 7.8 High |
| On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2021-22775 | 1 Schneider-electric | 1 Gp-pro Ex | 2024-08-03 | 7.8 High |
| A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. | ||||
| CVE-2021-22665 | 1 Rockwellautomation | 2 Drivetools Add-on Profiles, Drivetools Sp | 2024-08-03 | 7.8 High |
| Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | ||||
| CVE-2021-22195 | 1 Gitlab | 1 Gitlab-vscode-extension | 2024-08-03 | 8.6 High |
| Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | ||||
| CVE-2021-22037 | 1 Vmware | 1 Installbuilder | 2024-08-03 | 7.8 High |
| Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers. | ||||
| CVE-2021-22000 | 1 Vmware | 1 Thinapp | 2024-08-03 | 7.8 High |
| VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it. | ||||
| CVE-2021-21999 | 1 Vmware | 3 App Volumes, Remote Console, Tools | 2024-08-03 | 7.8 High |
| VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. | ||||
| CVE-2021-20793 | 1 Sony | 2 Audio Usb Driver, Hap Music Transfer | 2024-08-03 | 7.8 High |
| Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2021-20726 | 1 Overwolf | 1 Overwolf | 2024-08-03 | 7.8 High |
| Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. | ||||