ReportizFlow
Filtered by vendor
Subscriptions
Total
815 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1427 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 7 High |
| Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1426 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 7 High |
| Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1386 | 1 Cisco | 3 Advanced Malware Protection For Endpoints, Clamav, Immunet | 2024-11-21 | 7 High |
| A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows system. To exploit this vulnerability, the attacker would need valid credentials on the system. The vulnerability is due to insufficient validation of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on an affected system. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. | ||||
| CVE-2021-1366 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 7.8 High |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. | ||||
| CVE-2021-1280 | 1 Cisco | 2 Advanced Malware Protection For Endpoints, Immunet | 2024-11-21 | 7.8 High |
| A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges. | ||||
| CVE-2021-1240 | 1 Cisco | 1 Proximity | 2024-11-21 | 4.8 Medium |
| A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account. | ||||
| CVE-2021-1237 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 7.8 High |
| A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. | ||||
| CVE-2021-1089 | 1 Nvidia | 1 Gpu Display Driver | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | ||||
| CVE-2021-0169 | 1 Intel | 44 Amt Ac 8260, Amt Ac 8260 Firmware, Amt Ac 8265 and 41 more | 2024-11-21 | 6.7 Medium |
| Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-0160 | 1 Intel | 6 Avermedia Capture Card, Nuc Pro Chassis Element Cmcm2fb, Nuc Pro Chassis Element Cmcm2fbav and 3 more | 2024-11-21 | 7.8 High |
| Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-0108 | 1 Intel | 1 Unite | 2024-11-21 | 7.3 High |
| Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2021-0104 | 1 Intel | 1 Rapid Storage Technology | 2024-11-21 | 7.8 High |
| Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-0090 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 7.3 High |
| Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2021-0082 | 1 Intel | 30 7265, 7265 Firmware, Ac1550 and 27 more | 2024-11-21 | 7.8 High |
| Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-0057 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2024-11-21 | 7.8 High |
| Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-9858 | 1 Apple | 1 Windows Migration Assistant | 2024-11-21 | 7.8 High |
| A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. | ||||
| CVE-2020-9767 | 1 Zoom | 1 Sharing Service | 2024-11-21 | 7.8 High |
| A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. | ||||
| CVE-2020-9724 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2024-11-21 | 7.8 High |
| Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-9681 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-11-21 | 6.5 Medium |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction. | ||||
| CVE-2020-9667 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-11-21 | 6.5 Medium |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | ||||