Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10626 | 2 Fazecast, Schneider-electric | 2 Jserialcomm, Ecostruxure It Gateway | 2024-08-04 | 7.8 High |
| In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. | ||||
| CVE-2020-10610 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-08-04 | 7.8 High |
| In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | ||||
| CVE-2020-10515 | 2 Microsoft, Starface | 2 Windows, Unified Communication \& Collaboration Client | 2024-08-04 | 9.8 Critical |
| STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. | ||||
| CVE-2020-9858 | 1 Apple | 1 Windows Migration Assistant | 2024-08-04 | 7.8 High |
| A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution. | ||||
| CVE-2020-9767 | 1 Zoom | 1 Sharing Service | 2024-08-04 | 7.8 High |
| A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a malicious DLL. Zoom addressed this issue, which only applies to Windows users, in the 5.0.4 client release. | ||||
| CVE-2020-9724 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2024-08-04 | 7.8 High |
| Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-9367 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 7.8 High |
| The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. | ||||
| CVE-2020-9100 | 1 Huawei | 1 Hisuite | 2024-08-04 | 7.8 High |
| Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. | ||||
| CVE-2020-8959 | 1 Westerndigital | 2 Sandiskssddashboardsetup.exe, Westerndigitalssddashboardsetup.exe | 2024-08-04 | 7.8 High |
| Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. | ||||
| CVE-2020-8895 | 1 Google | 1 Earth | 2024-08-04 | 7.8 High |
| Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | ||||
| CVE-2020-8702 | 1 Intel | 1 Processor Diagnostic Tool | 2024-08-04 | 7.3 High |
| Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8687 | 1 Intel | 1 Rste Software Raid | 2024-08-04 | 7.8 High |
| Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8601 | 2 Microsoft, Trendmicro | 2 Windows, Vulnerability Protection | 2024-08-04 | 7.8 High |
| Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. | ||||
| CVE-2020-8469 | 1 Trendmicro | 1 Password Manager | 2024-08-04 | 7.8 High |
| Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. | ||||
| CVE-2020-8315 | 1 Python | 1 Python | 2024-08-04 | 5.5 Medium |
| In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. | ||||
| CVE-2020-8345 | 1 Lenovo | 1 Hardware Scan | 2024-08-04 | 7.3 High |
| A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | ||||
| CVE-2020-8146 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-08-04 | 7.8 High |
| In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer. | ||||
| CVE-2020-7585 | 1 Siemens | 4 Simatic Pcs 7, Simatic Process Device Manager, Simatic Step 7 and 1 more | 2024-08-04 | 7.8 High |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. | ||||
| CVE-2020-7474 | 1 Schneider-electric | 1 Pmepxm0100 Prosoft Configurator | 2024-08-04 | 7.8 High |
| A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. | ||||
| CVE-2020-7358 | 1 Rapid7 | 1 Appspider | 2024-08-04 | 5.8 Medium |
| In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. | ||||