ReportizFlow
Filtered by vendor
Subscriptions
Total
525 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26557 | 1 Octopus | 1 Tentacle | 2024-11-21 | 7.8 High |
| When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | ||||
| CVE-2021-26556 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-11-21 | 7.8 High |
| When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | ||||
| CVE-2021-25699 | 1 Teradici | 1 Pcoip Client | 2024-11-21 | 7.8 High |
| The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory. | ||||
| CVE-2021-25698 | 1 Teradici | 1 Pcoip Standard Agent | 2024-11-21 | 7.8 High |
| The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory. | ||||
| CVE-2021-22980 | 1 F5 | 2 Access Policy Manager Clients, Big-ip Access Policy Manager | 2024-11-21 | 7.8 High |
| In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | ||||
| CVE-2021-21562 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.4 Medium |
| Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control. | ||||
| CVE-2021-21237 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2024-11-21 | 7.2 High |
| Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2. | ||||
| CVE-2021-21078 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud Desktop Application, Macos, Windows | 2024-11-21 | 6.5 Medium |
| Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction | ||||
| CVE-2021-21055 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2024-11-21 | 6.2 Medium |
| Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure. | ||||
| CVE-2020-9673 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.8 High |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-9672 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.8 High |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-9418 | 2 Microsoft, Redsoftware | 2 Windows, Pdfescape | 2024-11-21 | 7.8 High |
| An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | ||||
| CVE-2020-8895 | 1 Google | 1 Earth | 2024-11-21 | 7.8 High |
| Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | ||||
| CVE-2020-8793 | 3 Canonical, Fedoraproject, Opensmtpd | 3 Ubuntu Linux, Fedora, Opensmtpd | 2024-11-21 | 4.7 Medium |
| OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | ||||
| CVE-2020-8338 | 1 Lenovo | 1 Diagnostics | 2024-11-21 | 7.8 High |
| A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | ||||
| CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | 7.3 High |
| A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | ||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2024-11-21 | 6.3 Medium |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | ||||
| CVE-2020-7490 | 1 Schneider-electric | 1 Vijeo Designer | 2024-11-21 | 7.8 High |
| A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. | ||||
| CVE-2020-7476 | 1 Schneider-electric | 1 Ulti Zigbee Installation Toolkit | 2024-11-21 | 7.8 High |
| A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | ||||
| CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 6 Medium |
| DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | ||||