Total
568 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29221 | 2 Erlang, Microsoft | 2 Erlang\/otp, Windows | 2024-11-21 | 7.0 High |
| A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. | ||||
| CVE-2021-28249 | 1 Ca | 1 Ehealth Performance Manager | 2024-11-21 | 8.8 High |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-28246 | 1 Broadcom | 1 Ehealth | 2024-11-21 | 7.8 High |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-27928 | 5 Debian, Galeracluster, Mariadb and 2 more | 8 Debian Linux, Wsrep, Mariadb and 5 more | 2024-11-21 | 7.2 High |
| A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. | ||||
| CVE-2021-26807 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading. | ||||
| CVE-2021-26557 | 1 Octopus | 1 Tentacle | 2024-11-21 | 7.8 High |
| When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | ||||
| CVE-2021-26556 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-11-21 | 7.8 High |
| When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | ||||
| CVE-2021-25699 | 1 Teradici | 1 Pcoip Client | 2024-11-21 | 7.8 High |
| The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory. | ||||
| CVE-2021-25698 | 1 Teradici | 1 Pcoip Standard Agent | 2024-11-21 | 7.8 High |
| The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory. | ||||
| CVE-2021-22980 | 1 F5 | 2 Access Policy Manager Clients, Big-ip Access Policy Manager | 2024-11-21 | 7.8 High |
| In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | ||||
| CVE-2021-21562 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.4 Medium |
| Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control. | ||||
| CVE-2021-21237 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2024-11-21 | 7.2 High |
| Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2. | ||||
| CVE-2020-9418 | 2 Microsoft, Redsoftware | 2 Windows, Pdfescape | 2024-11-21 | 7.8 High |
| An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | ||||
| CVE-2020-8895 | 1 Google | 1 Earth | 2024-11-21 | 7.8 High |
| Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | ||||
| CVE-2020-8793 | 3 Canonical, Fedoraproject, Opensmtpd | 3 Ubuntu Linux, Fedora, Opensmtpd | 2024-11-21 | 4.7 Medium |
| OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | ||||
| CVE-2020-8338 | 1 Lenovo | 1 Diagnostics | 2024-11-21 | 7.8 High |
| A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | ||||
| CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | 7.3 High |
| A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | ||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2024-11-21 | 6.3 Medium |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | ||||
| CVE-2020-7490 | 1 Schneider-electric | 1 Vijeo Designer | 2024-11-21 | 7.8 High |
| A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. | ||||
| CVE-2020-7476 | 1 Schneider-electric | 1 Ulti Zigbee Installation Toolkit | 2024-11-21 | 7.8 High |
| A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | ||||