Total: 476 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9672 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
CVE-2019-6173 | 1 Lenovo | 1 Installation Package | 2024-02-04 | 6.9 MEDIUM | 6.5 MEDIUM |
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. | |||||
CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
CVE-2020-7279 | 1 Mcafee | 1 Host Intrusion Prevention | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder. | |||||
CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204. | |||||
CVE-2020-7490 | 1 Schneider-electric | 1 Vijeo Designer | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. | |||||
CVE-2020-10733 | 1 Postgresql | 1 Postgresql | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights. | |||||
CVE-2018-21241 | 1 Foxitsoftware | 1 Phantompdf | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. | |||||
CVE-2020-15724 | 1 360totalsecurity | 1 360 Total Security | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | |||||
CVE-2020-10610 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | |||||
CVE-2020-24160 | 1 Tencent | 1 Tim | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. | |||||
CVE-2020-0598 | 1 Intel | 1 Binary Configuration Tool | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | |||||
CVE-2019-6196 | 1 Lenovo | 1 Installation Package | 2024-02-04 | 6.9 MEDIUM | 7.3 HIGH |
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation. | |||||
CVE-2020-3768 | 1 Adobe | 1 Coldfusion | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
ColdFusion versions ColdFusion 2016 and ColdFusion 2018 have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
CVE-2020-0570 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | |||||
CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | |||||
CVE-2020-24158 | 1 360 | 1 Speed Browser | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. | |||||
CVE-2020-15602 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus+ 2020, Internet Security 2020 and 2 more | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerability in that the target must open a malicious directory or device. | |||||
CVE-2020-14350 | 3 Debian, Opensuse, Postgresql | 3 Debian Linux, Leap, Postgresql | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. |