Export limit exceeded: 361545 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2560 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33063 | 2 Intel, Microsoft | 2 Realsense D400 Series Universal Windows Platform Driver, Windows 10 | 2024-11-21 | 7.8 High |
| Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-32592 | 1 Fortinet | 2 Forticlient, Forticlient Enterprise Management Server | 2024-11-21 | 7.8 High |
| An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path. | ||||
| CVE-2021-32580 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. | ||||
| CVE-2021-32466 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 7.0 High |
| An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2021-31853 | 1 Mcafee | 1 Drive Encryption | 2024-11-21 | 7.8 High |
| DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | ||||
| CVE-2021-31847 | 1 Mcafee | 1 Agent | 2024-11-21 | 8.2 High |
| Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. | ||||
| CVE-2021-31841 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 8.2 High |
| A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. | ||||
| CVE-2021-31840 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 7.3 High |
| A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. This would result in the user gaining elevated permissions and being able to execute arbitrary code. | ||||
| CVE-2021-31776 | 2 Aviatrix, Microsoft | 2 Vpn Client, Windows | 2024-11-21 | 7.8 High |
| Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. | ||||
| CVE-2021-31553 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking. | ||||
| CVE-2021-30360 | 1 Checkpoint | 1 Endpoint Security | 2024-11-21 | 7.8 High |
| Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. | ||||
| CVE-2021-30359 | 2 Checkpoint, Microsoft | 3 Harmony Browse, Sandblast Agent For Browsers, Windows | 2024-11-21 | 7.8 High |
| The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges. | ||||
| CVE-2021-30144 | 1 Glpi-project | 1 Dashboard | 2024-11-21 | 4.3 Medium |
| The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. | ||||
| CVE-2021-29949 | 2 Mozilla, Redhat | 3 Thunderbird, Enterprise Linux, Rhel Eus | 2024-11-21 | 7.8 High |
| When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. | ||||
| CVE-2021-29221 | 2 Erlang, Microsoft | 2 Erlang\/otp, Windows | 2024-11-21 | 7.0 High |
| A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. | ||||
| CVE-2021-29218 | 2 Hpe, Microsoft | 14 Agentless Management, Apollo 20, Apollo 2000 Gen 10 Plus and 11 more | 2024-11-21 | 6.7 Medium |
| A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. | ||||
| CVE-2021-28955 | 1 Git-bug Project | 1 Git-bug | 2024-11-21 | 9.8 Critical |
| git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). | ||||
| CVE-2021-28954 | 2 Bit Project, Microsoft | 2 Bit, Windows | 2024-11-21 | 7.8 High |
| In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. | ||||
| CVE-2021-28953 | 1 C\/c\+\+ Advanced Lint Project | 1 C\/c\+\+ Advanced Lint | 2024-11-21 | 7.8 High |
| The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. | ||||
| CVE-2021-28822 | 2 Microsoft, Tibco | 2 Windows, Enterprise Message Service | 2024-11-21 | 8.8 High |
| The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below. | ||||