ReportizFlow
Filtered by vendor
Subscriptions
Total
815 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9367 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.8 High |
| The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. | ||||
| CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2024-11-21 | 7.8 High |
| An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
| CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2024-11-21 | 7.8 High |
| An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | ||||
| CVE-2020-9100 | 1 Huawei | 1 Hisuite | 2024-11-21 | 7.8 High |
| Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. | ||||
| CVE-2020-8959 | 1 Westerndigital | 2 Sandiskssddashboardsetup.exe, Westerndigitalssddashboardsetup.exe | 2024-11-21 | 7.8 High |
| Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. | ||||
| CVE-2020-8895 | 1 Google | 1 Earth | 2024-11-21 | 7.8 High |
| Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | ||||
| CVE-2020-8702 | 1 Intel | 1 Processor Diagnostic Tool | 2024-11-21 | 7.3 High |
| Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8687 | 1 Intel | 1 Rste Software Raid | 2024-11-21 | 7.8 High |
| Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8601 | 2 Microsoft, Trendmicro | 2 Windows, Vulnerability Protection | 2024-11-21 | 7.8 High |
| Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. | ||||
| CVE-2020-8469 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 7.8 High |
| Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. | ||||
| CVE-2020-8345 | 1 Lenovo | 1 Hardware Scan | 2024-11-21 | 7.3 High |
| A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | ||||
| CVE-2020-8315 | 1 Python | 1 Python | 2024-11-21 | 5.5 Medium |
| In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. | ||||
| CVE-2020-8146 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 7.8 High |
| In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer. | ||||
| CVE-2020-7585 | 1 Siemens | 4 Simatic Pcs 7, Simatic Process Device Manager, Simatic Step 7 and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. | ||||
| CVE-2020-7474 | 1 Schneider-electric | 1 Pmepxm0100 Prosoft Configurator | 2024-11-21 | 7.8 High |
| A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. | ||||
| CVE-2020-7360 | 1 Philips | 1 Smartcontrol | 2024-11-21 | 7.4 High |
| An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) | ||||
| CVE-2020-7358 | 1 Rapid7 | 1 Appspider | 2024-11-21 | 5.8 Medium |
| In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. | ||||
| CVE-2020-7312 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 7.8 High |
| DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | ||||
| CVE-2020-6790 | 1 Bosch | 1 Video Streaming Gateway | 2024-11-21 | 7.8 High |
| Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. | ||||
| CVE-2020-6789 | 1 Bosch | 1 Monitor Wall | 2024-11-21 | 7.8 High |
| Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | ||||