Total
540 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21562 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control. | |||||
| CVE-2021-21237 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2024-11-21 | 4.6 MEDIUM | 7.2 HIGH |
| Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2. | |||||
| CVE-2021-21078 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud Desktop Application, Macos, Windows | 2024-11-21 | 4.4 MEDIUM | 6.5 MEDIUM |
| Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction | |||||
| CVE-2021-21055 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure. | |||||
| CVE-2020-9673 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-9672 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-9418 | 2 Microsoft, Redsoftware | 2 Windows, Pdfescape | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. | |||||
| CVE-2020-8895 | 1 Google | 1 Earth | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | |||||
| CVE-2020-8793 | 3 Canonical, Fedoraproject, Opensmtpd | 3 Ubuntu Linux, Fedora, Opensmtpd | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | |||||
| CVE-2020-8338 | 1 Lenovo | 1 Diagnostics | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | |||||
| CVE-2020-8317 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | |||||
| CVE-2020-7490 | 1 Schneider-electric | 1 Vijeo Designer | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. | |||||
| CVE-2020-7476 | 1 Schneider-electric | 1 Ulti Zigbee Installation Toolkit | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path. | |||||
| CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
| DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | |||||
| CVE-2020-7279 | 1 Mcafee | 1 Host Intrusion Prevention | 2024-11-21 | 4.4 MEDIUM | 4.6 MEDIUM |
| DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2020-7260 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2020-7079 | 1 Autodesk | 1 Dynamo Bim | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. | |||||
| CVE-2020-6654 | 1 Eaton | 1 9000x Programming And Configuration Software | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | |||||
| CVE-2020-6023 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware. | |||||