Total
476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35145 | 1 Acronis | 1 True Image | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | |||||
| CVE-2020-27695 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. | |||||
| CVE-2020-9106 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. | |||||
| CVE-2020-4739 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. | |||||
| CVE-2020-5144 | 1 Sonicwall | 1 Global Vpn Client | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | |||||
| CVE-2019-19161 | 2 Cymiinstaller322 Activex Project, Microsoft | 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification. | |||||
| CVE-2020-13813 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. | |||||
| CVE-2020-15723 | 1 360totalsecurity | 1 360 Total Security | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | |||||
| CVE-2020-7079 | 1 Autodesk | 1 Dynamo Bim | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. | |||||
| CVE-2020-11507 | 1 Malwarebytes | 1 Adwcleaner | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | |||||
| CVE-2020-24159 | 1 163 | 1 Netease Youdao Dictionary | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. | |||||
| CVE-2020-15009 | 1 Asus | 1 Screenpad2 Upgrade Tool | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | |||||
| CVE-2020-13812 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. | |||||
| CVE-2020-7476 | 1 Schneider-electric | 1 Ulti Zigbee Installation Toolkit | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | |||||
| CVE-2020-9673 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-9100 | 1 Huawei | 1 Hisuite | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. | |||||
| CVE-2020-1458 | 1 Microsoft | 1 365 Apps | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | |||||
| CVE-2020-24161 | 1 163 | 1 Netease Mail Master | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | |||||
| CVE-2019-20769 | 1 Lg | 2 G3, Pc Suite | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019). | |||||
| CVE-2020-4019 | 1 Atlassian | 1 Companion | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
| The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. | |||||