Total
562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6014 | 1 Checkpoint | 1 Endpoint Security | 2024-11-21 | 6.5 Medium |
| Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. | ||||
| CVE-2020-5977 | 1 Nvidia | 1 Geforce Experience | 2024-11-21 | 7.8 High |
| NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | ||||
| CVE-2020-5144 | 1 Sonicwall | 1 Global Vpn Client | 2024-11-21 | 7.8 High |
| SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | ||||
| CVE-2020-4739 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-11-21 | 7.8 High |
| IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. | ||||
| CVE-2020-4545 | 1 Ibm | 1 Aspera Connect | 2024-11-21 | 7.8 High |
| IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190. | ||||
| CVE-2020-4019 | 1 Atlassian | 1 Companion | 2024-11-21 | 7.8 High |
| The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability. | ||||
| CVE-2020-3768 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.8 High |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-35686 | 1 Soundresearch | 1 Dchu Model Software Component Modules | 2024-11-21 | 7.8 High |
| The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolution, Windows Update is being submitted for all affected products to update to 2.0.9.18 or later.) | ||||
| CVE-2020-29482 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 6.0 Medium |
| An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit that is applied solely to the relative or absolute path specified by the client. Therefore, a guest can create paths in its own namespace which are too long for management tools to access. Depending on the toolstack in use, a malicious guest administrator might cause some management tools and debugging operations to fail. For example, a guest administrator can cause "xenstore-ls -r" to fail. However, a guest administrator cannot prevent the host administrator from tearing down the domain. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. | ||||
| CVE-2020-27695 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2024-11-21 | 7.8 High |
| Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. | ||||
| CVE-2020-1458 | 1 Microsoft | 1 365 Apps | 2024-11-21 | 7.8 High |
| A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | ||||
| CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2024-11-21 | 9.8 Critical |
| In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | ||||
| CVE-2020-15657 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 7.8 High |
| Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-15602 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2024-11-21 | 7.8 High |
| An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device. | ||||
| CVE-2020-15009 | 1 Asus | 1 Screenpad2 Upgrade Tool | 2024-11-21 | 7.8 High |
| AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | ||||
| CVE-2020-14350 | 5 Canonical, Debian, Opensuse and 2 more | 9 Ubuntu Linux, Debian Linux, Leap and 6 more | 2024-11-21 | 7.3 High |
| It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. | ||||
| CVE-2020-13813 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-11-21 | 7.8 High |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. | ||||
| CVE-2020-13812 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-11-21 | 7.8 High |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. | ||||
| CVE-2020-12892 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. | ||||
| CVE-2020-12423 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 7.8 High |
| When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | ||||