Total
760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15167 | 1 Johnkerl | 1 Miller | 2024-11-21 | 4.4 MEDIUM | 8.2 HIGH |
| In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1. | |||||
| CVE-2020-14349 | 2 Opensuse, Postgresql | 2 Leap, Postgresql | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
| It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. | |||||
| CVE-2020-13771 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe. | |||||
| CVE-2020-13279 | 1 Gitlab | 1 Gitlab-vscode-extension | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | |||||
| CVE-2020-13177 | 1 Teradici | 2 Graphics Agent, Pcoip Standard Agent | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path. | |||||
| CVE-2020-13110 | 1 Kerberos Project | 1 Kerberos | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. | |||||
| CVE-2020-12891 | 1 Amd | 2 Radeon Pro Software, Radeon Software | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. | |||||
| CVE-2020-12423 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | |||||
| CVE-2020-12329 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12320 | 1 Intel | 1 Scs Add-on For Microsoft Sccm | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-11634 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. | |||||
| CVE-2020-11613 | 1 Mids\' Reborn Hero Designer Project | 1 Mids\' Reborn Hero Designer | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application. | |||||
| CVE-2020-10649 | 2 Asus, Microsoft | 2 Device Activation, Windows 10 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | |||||
| CVE-2020-10626 | 2 Fazecast, Schneider-electric | 2 Jserialcomm, Ecostruxure It Gateway | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. | |||||
| CVE-2020-10616 | 1 Opto22 | 1 Softpac Project | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. | |||||
| CVE-2020-10515 | 2 Microsoft, Starface | 2 Windows, Unified Communication \& Collaboration Client | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. | |||||
| CVE-2020-0565 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0515 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access | |||||
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | |||||
| CVE-2019-9634 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. | |||||