Total: 785 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21070 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2021-06-28 | 9.3 HIGH | 6.5 MEDIUM |
Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges. | |||||
CVE-2020-9667 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2021-06-28 | 6.9 MEDIUM | 6.5 MEDIUM |
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | |||||
CVE-2021-0104 | 1 Intel | 1 Rapid Storage Technology | 2021-06-28 | 4.4 MEDIUM | 7.8 HIGH |
Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-0090 | 1 Intel | 1 Driver & Support Assistant | 2021-06-23 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
CVE-2021-3041 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version. | |||||
CVE-2020-8702 | 1 Intel | 1 Processor Diagnostic Tool | 2021-06-22 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-23023 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-06-22 | 6.9 MEDIUM | 7.8 HIGH |
On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2021-0108 | 1 Intel | 1 Unite | 2021-06-22 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
CVE-2021-0057 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2021-06-18 | 4.4 MEDIUM | 7.8 HIGH |
Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-24485 | 1 Intel | 1 Trace Analyzer And Collector | 2021-06-09 | 4.4 MEDIUM | 7.8 HIGH |
Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-25694 | 1 Teradici | 1 Pcoip Graphics Agent | 2021-05-25 | 4.4 MEDIUM | 7.8 HIGH |
Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere. | |||||
CVE-2021-3423 | 1 Bitdefender | 1 Gravityzone Business Security | 2021-05-25 | 4.6 MEDIUM | 7.8 HIGH |
Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329. | |||||
CVE-2020-24755 | 1 Ui | 1 Unifi Video | 2021-05-24 | 6.9 MEDIUM | 7.8 HIGH |
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64). | |||||
CVE-2020-0515 | 1 Intel | 1 Graphics Driver | 2021-05-19 | 4.6 MEDIUM | 7.8 HIGH |
Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-3464 | 1 Lenovo | 1 Pcmanager | 2021-05-06 | 7.2 HIGH | 7.8 HIGH |
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation. | |||||
CVE-2021-21545 | 1 Dell | 1 Peripheral Manager | 2021-04-26 | 7.2 HIGH | 7.8 HIGH |
Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. | |||||
CVE-2020-7585 | 1 Siemens | 4 Simatic Pcs 7, Simatic Process Device Manager, Simatic Step 7 and 1 more | 2021-04-22 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. | |||||
CVE-2021-28647 | 1 Trendmicro | 1 Password Manager | 2021-04-14 | 4.4 MEDIUM | 7.8 HIGH |
Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. | |||||
CVE-2021-22665 | 1 Rockwellautomation | 2 Drivetools Add-on Profiles, Drivetools Sp | 2021-03-25 | 7.2 HIGH | 7.8 HIGH |
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | |||||
CVE-2020-9367 | 1 Zohocorp | 1 Manageengine Desktop Central | 2021-03-25 | 6.9 MEDIUM | 7.8 HIGH |
The MPS Agent in Zoho ManageEngine Desktop Central MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. |