Total
878 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24160 | 1 Tencent | 1 Tim | 2024-11-21 | 7.8 High |
| Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-24159 | 1 163 | 1 Netease Youdao Dictionary | 2024-11-21 | 7.8 High |
| NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. | ||||
| CVE-2020-24158 | 1 360 | 1 Speed Browser | 2024-11-21 | 7.8 High |
| 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. | ||||
| CVE-2020-18173 | 1 1password | 1 1password | 2024-11-21 | 7.8 High |
| A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | ||||
| CVE-2020-16143 | 1 Seafile | 1 Seafile-client | 2024-11-21 | 7.8 High |
| The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. | ||||
| CVE-2020-15724 | 1 360totalsecurity | 1 360 Total Security | 2024-11-21 | 7.8 High |
| In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | ||||
| CVE-2020-15723 | 1 360totalsecurity | 1 360 Total Security | 2024-11-21 | 7.8 High |
| In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | ||||
| CVE-2020-15722 | 1 360totalsecurity | 1 360 Total Security | 2024-11-21 | 7.8 High |
| In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. | ||||
| CVE-2020-15663 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 8.8 High |
| If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. | ||||
| CVE-2020-15657 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 7.8 High |
| Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-15596 | 1 Hp | 28 Elite X2 1012 G1, Elite X2 1012 G1 Firmware, Elite X2 1012 G2 and 25 more | 2024-11-21 | 6.7 Medium |
| The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. | ||||
| CVE-2020-15523 | 3 Microsoft, Netapp, Python | 3 Windows, Snapcenter, Python | 2024-11-21 | 7.8 High |
| In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | ||||
| CVE-2020-15167 | 1 Johnkerl | 1 Miller | 2024-11-21 | 8.2 High |
| In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1. | ||||
| CVE-2020-14349 | 3 Opensuse, Postgresql, Redhat | 7 Leap, Postgresql, Enterprise Linux and 4 more | 2024-11-21 | 7.1 High |
| It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. | ||||
| CVE-2020-13771 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.8 High |
| Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe. | ||||
| CVE-2020-13279 | 1 Gitlab | 1 Gitlab-vscode-extension | 2024-11-21 | 8.6 High |
| Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | ||||
| CVE-2020-13177 | 1 Teradici | 2 Graphics Agent, Pcoip Standard Agent | 2024-11-21 | 7.8 High |
| The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path. | ||||
| CVE-2020-13110 | 1 Kerberos Project | 1 Kerberos | 2024-11-21 | 7.8 High |
| The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. | ||||
| CVE-2020-12891 | 1 Amd | 2 Radeon Pro Software, Radeon Software | 2024-11-21 | 7.8 High |
| AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. | ||||
| CVE-2020-12423 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 7.8 High |
| When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | ||||