Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-24422 1 Adobe 1 Creative Cloud 2024-11-21 7 High
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-24420 2 Adobe, Microsoft 2 Photoshop, Windows 2024-11-21 7 High
Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-24419 2 Adobe, Microsoft 2 After Effects, Windows 2024-11-21 7 High
Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-24356 1 Cloudflare 1 Cloudflared 2024-11-21 6.4 Medium
`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue.
CVE-2020-24203 1 Projectworlds 1 Travel Management System 2024-11-21 9.8 Critical
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
CVE-2020-24162 1 Tencent 1 Tencent 2024-11-21 7.8 High
The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
CVE-2020-24161 1 163 1 Netease Mail Master 2024-11-21 7.8 High
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
CVE-2020-24160 1 Tencent 1 Tim 2024-11-21 7.8 High
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
CVE-2020-24159 1 163 1 Netease Youdao Dictionary 2024-11-21 7.8 High
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.
CVE-2020-24158 1 360 1 Speed Browser 2024-11-21 7.8 High
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.
CVE-2020-22809 1 Windscribe 1 Windscribe 2024-11-21 7.8 High
In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.
CVE-2020-1988 1 Paloaltonetworks 1 Globalprotect 2024-11-21 4.2 Medium
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;
CVE-2020-1458 1 Microsoft 1 365 Apps 2024-11-21 7.8 High
A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'.
CVE-2020-18173 1 1password 1 1password 2024-11-21 7.8 High
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
CVE-2020-16143 1 Seafile 1 Seafile-client 2024-11-21 7.8 High
The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory.
CVE-2020-15801 3 Microsoft, Netapp, Python 3 Windows, Max Data, Python 2024-11-21 9.8 Critical
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
CVE-2020-15724 1 360totalsecurity 1 360 Total Security 2024-11-21 7.8 High
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
CVE-2020-15723 1 360totalsecurity 1 360 Total Security 2024-11-21 7.8 High
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
CVE-2020-15722 1 360totalsecurity 1 360 Total Security 2024-11-21 7.8 High
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
CVE-2020-15663 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-11-21 8.8 High
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.