Total
521 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9418 | 2 Microsoft, Redsoftware | 2 Windows, Pdfescape | 2024-08-04 | 7.8 High |
| An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | ||||
| CVE-2020-8895 | 1 Google | 1 Earth | 2024-08-04 | 7.8 High |
| Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | ||||
| CVE-2020-8793 | 3 Canonical, Fedoraproject, Opensmtpd | 3 Ubuntu Linux, Fedora, Opensmtpd | 2024-08-04 | 4.7 Medium |
| OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | ||||
| CVE-2020-8338 | 1 Lenovo | 1 Diagnostics | 2024-08-04 | 7.8 High |
| A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | ||||
| CVE-2020-7490 | 1 Schneider-electric | 1 Vijeo Designer | 2024-08-04 | 7.8 High |
| A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. | ||||
| CVE-2020-7476 | 1 Schneider-electric | 1 Ulti Zigbee Installation Toolkit | 2024-08-04 | 7.8 High |
| A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | ||||
| CVE-2020-7079 | 1 Autodesk | 1 Dynamo Bim | 2024-08-04 | 7.8 High |
| An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. | ||||
| CVE-2020-6014 | 1 Checkpoint | 1 Endpoint Security | 2024-08-04 | 6.5 Medium |
| Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. | ||||
| CVE-2020-5977 | 1 Nvidia | 1 Geforce Experience | 2024-08-04 | 7.8 High |
| NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | ||||
| CVE-2020-6023 | 1 Checkpoint | 1 Zonealarm | 2024-08-04 | 7.8 High |
| Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware. | ||||
| CVE-2020-5144 | 1 Sonicwall | 1 Global Vpn Client | 2024-08-04 | 7.8 High |
| SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | ||||
| CVE-2020-3768 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.8 High |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-1458 | 1 Microsoft | 1 365 Apps | 2024-08-04 | 7.8 High |
| A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | ||||
| CVE-2020-0598 | 1 Intel | 1 Binary Configuration Tool | 2024-08-04 | 7.8 High |
| Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0570 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-08-04 | 7.3 High |
| Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | ||||
| CVE-2021-45975 | 1 Acer | 1 Care Center | 2024-08-04 | 7.8 High |
| In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges. | ||||
| CVE-2021-41387 | 1 Seatd Project | 1 Seatd | 2024-08-04 | 8.8 High |
| seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | ||||
| CVE-2021-37617 | 1 Nextcloud | 1 Desktop | 2024-08-04 | 7.3 High |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system. | ||||
| CVE-2021-36770 | 3 Fedoraproject, P5-encode Project, Perl | 3 Fedora, P5-encode, Perl | 2024-08-04 | 7.8 High |
| Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. | ||||
| CVE-2021-36666 | 1 Druva | 1 Insync Client | 2024-08-04 | 7.8 High |
| An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission. | ||||