Total
760 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27348 | 1 Canonical | 2 Snapcraft, Ubuntu Linux | 2024-11-21 | 4.4 MEDIUM | 6.8 MEDIUM |
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1. | |||||
CVE-2020-26947 | 1 Getmonero | 1 Monero | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. | |||||
CVE-2020-26894 | 2 Faulknermedia, Microsoft | 2 Wildlife Issues In The New Millennium, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe". | |||||
CVE-2020-26538 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. | |||||
CVE-2020-26155 | 2 Microsoft, Utimaco | 7 Windows, Block-safe Firmware, Cryptoserver Cp5 Firmware and 4 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. | |||||
CVE-2020-26050 | 1 Safervpn | 1 Safervpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572. | |||||
CVE-2020-25738 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | |||||
CVE-2020-25502 | 1 Cybereason | 1 Endpoint Detection And Response | 2024-11-21 | N/A | 7.8 HIGH |
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges. | |||||
CVE-2020-25244 | 1 Siemens | 1 Logo\! Soft Comfort | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). The software insecurely loads libraries which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed. | |||||
CVE-2020-25238 | 1 Siemens | 2 Simatic Process Control System Neo, Totally Integrated Automation Portal | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. | |||||
CVE-2020-25182 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. | |||||
CVE-2020-25174 | 1 Bbraun | 1 Onlinesuite Application Package | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user. | |||||
CVE-2020-25045 | 1 Kaspersky | 2 Security Center, Security Center Web Console | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system. | |||||
CVE-2020-24755 | 1 Ui | 1 Unifi Video | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64). | |||||
CVE-2020-24578 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | |||||
CVE-2020-24485 | 1 Intel | 1 Trace Analyzer And Collector | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-24451 | 1 Intel | 1 Optane Dc Persistent Memory Module Management | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-24447 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2024-11-21 | 3.7 LOW | 7.0 HIGH |
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2020-24440 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2024-11-21 | 3.7 LOW | 7.0 HIGH |
Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2020-24425 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2024-11-21 | 7.2 HIGH | 7.5 HIGH |
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges. |