Export limit exceeded: 361534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2560 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 9.8 Critical |
| Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | ||||
| CVE-2020-24162 | 1 Tencent | 1 Tencent | 2024-11-21 | 7.8 High |
| The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24161 | 1 163 | 1 Netease Mail Master | 2024-11-21 | 7.8 High |
| Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code. | ||||
| CVE-2020-24160 | 1 Tencent | 1 Tim | 2024-11-21 | 7.8 High |
| Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-24159 | 1 163 | 1 Netease Youdao Dictionary | 2024-11-21 | 7.8 High |
| NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0. | ||||
| CVE-2020-24158 | 1 360 | 1 Speed Browser | 2024-11-21 | 7.8 High |
| 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. | ||||
| CVE-2020-22809 | 1 Windscribe | 1 Windscribe | 2024-11-21 | 7.8 High |
| In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation. | ||||
| CVE-2020-1988 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 4.2 Medium |
| An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows; | ||||
| CVE-2020-1458 | 1 Microsoft | 1 365 Apps | 2024-11-21 | 7.8 High |
| A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | ||||
| CVE-2020-18173 | 1 1password | 1 1password | 2024-11-21 | 7.8 High |
| A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. | ||||
| CVE-2020-16143 | 1 Seafile | 1 Seafile-client | 2024-11-21 | 7.8 High |
| The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. | ||||
| CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2024-11-21 | 9.8 Critical |
| In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | ||||
| CVE-2020-15724 | 1 360totalsecurity | 1 360 Total Security | 2024-11-21 | 7.8 High |
| In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | ||||
| CVE-2020-15723 | 1 360totalsecurity | 1 360 Total Security | 2024-11-21 | 7.8 High |
| In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. | ||||
| CVE-2020-15722 | 1 360totalsecurity | 1 360 Total Security | 2024-11-21 | 7.8 High |
| In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. | ||||
| CVE-2020-15663 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 8.8 High |
| If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. | ||||
| CVE-2020-15657 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 7.8 High |
| Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||||
| CVE-2020-15602 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2024-11-21 | 7.8 High |
| An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device. | ||||
| CVE-2020-15596 | 1 Hp | 28 Elite X2 1012 G1, Elite X2 1012 G1 Firmware, Elite X2 1012 G2 and 25 more | 2024-11-21 | 6.7 Medium |
| The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. | ||||
| CVE-2020-15523 | 3 Microsoft, Netapp, Python | 3 Windows, Snapcenter, Python | 2024-11-21 | 7.8 High |
| In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | ||||