Filtered by CWE-427
Filtered by vendor Subscriptions
Total 869 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5324 1 Dell 226 G3 15 3590, G3 15 3590 Firmware, G3 3579 and 223 more 2024-11-21 7.1 High
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
CVE-2020-5316 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 7.8 High
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.
CVE-2020-5145 1 Sonicwall 1 Global Vpn Client 2024-11-21 8.6 High
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
CVE-2020-4623 2 Ibm, Microsoft 2 I2 Ibase, Windows 2024-11-21 6.5 Medium
IBM i2 iBase 8.9.13 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking flaw. By using a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 184984.
CVE-2020-3979 2 Installbuilder, Microsoft 2 Installbuilder, Windows 2024-11-21 7.8 High
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.
CVE-2020-3803 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2024-11-21 7.8 High
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-3535 1 Cisco 1 Webex Teams 2024-11-21 7.8 High
A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. The vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account.
CVE-2020-35483 1 Anydesk 1 Anydesk 2024-11-21 7.8 High
AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file.
CVE-2020-35145 1 Acronis 1 True Image 2024-11-21 7.8 High
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
CVE-2020-2049 2 Microsoft, Paloaltonetworks 2 Windows, Cortex Xdr Agent 2024-11-21 7.8 High
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.
CVE-2020-29654 1 Westerndigital 1 Dashboard 2024-11-21 7.8 High
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
CVE-2020-29157 1 Raonwiz 1 Raon K Editor 2024-11-21 7.8 High
An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.
CVE-2020-28950 1 Kaspersky 1 Anti-ransomware Tool 2024-11-21 7.8 High
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
CVE-2020-28646 1 Owncloud 1 Owncloud Desktop Client 2024-11-21 7.8 High
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
CVE-2020-28369 1 Beyondtrust 1 Privilege Management For Windows 2024-11-21 7.8 High
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.
CVE-2020-27955 1 Git Large File Storage Project 1 Git Large File Storage 2024-11-21 9.8 Critical
Git LFS 2.12.0 allows Remote Code Execution.
CVE-2020-27708 1 Ea 1 Origin 2024-11-21 7.8 High
A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators.
CVE-2020-27348 1 Canonical 2 Snapcraft, Ubuntu Linux 2024-11-21 6.8 Medium
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
CVE-2020-26947 1 Getmonero 1 Monero 2024-11-21 7.8 High
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.
CVE-2020-26894 2 Faulknermedia, Microsoft 2 Wildlife Issues In The New Millennium, Windows 2024-11-21 7.8 High
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe".