Search Results (2561 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11632 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 7.8 High |
| The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | ||||
| CVE-2020-11613 | 1 Mids' Reborn Hero Designer Project | 1 Mids' Reborn Hero Designer | 2024-11-21 | 7.8 High |
| Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application. | ||||
| CVE-2020-11561 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 8.8 High |
| In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | ||||
| CVE-2020-11507 | 1 Malwarebytes | 1 Adwcleaner | 2024-11-21 | 7.8 High |
| An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | ||||
| CVE-2020-11081 | 1 Linuxfoundation | 1 Osquery | 2024-11-21 | 5.3 Medium |
| osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0. | ||||
| CVE-2020-10733 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 7.3 High |
| The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights. | ||||
| CVE-2020-10649 | 2 Asus, Microsoft | 2 Device Activation, Windows 10 | 2024-11-21 | 7.8 High |
| DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | ||||
| CVE-2020-10626 | 2 Fazecast, Schneider-electric | 2 Jserialcomm, Ecostruxure It Gateway | 2024-11-21 | 7.8 High |
| In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. | ||||
| CVE-2020-10616 | 1 Opto22 | 1 Softpac Project | 2024-11-21 | 8.8 High |
| Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. | ||||
| CVE-2020-10610 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-11-21 | 7.8 High |
| In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | ||||
| CVE-2020-10515 | 2 Microsoft, Starface | 2 Windows, Unified Communication & Collaboration Client | 2024-11-21 | 9.8 Critical |
| STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006. | ||||
| CVE-2020-10248 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2024-11-21 | 7.5 High |
| BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | ||||
| CVE-2020-10051 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service. | ||||
| CVE-2020-0598 | 1 Intel | 1 Binary Configuration Tool | 2024-11-21 | 7.8 High |
| Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0570 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-11-21 | 7.3 High |
| Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | ||||
| CVE-2020-0565 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 7.8 High |
| Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0546 | 2 Intel, Microsoft | 2 Optane Dc Persistent Memory Module Management, Windows Server 2019 | 2024-11-21 | 7.8 High |
| Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. | ||||
| CVE-2020-0515 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 7.8 High |
| Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0507 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.4 Medium |
| Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2024-11-21 | 7.8 High |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | ||||