• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-427

CVE-2020-13110

February 26, 2023 by

The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.

CVE-2020-12891

February 26, 2023 by

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

CVE-2020-12423

February 26, 2023 by

When the Windows DLL “webauthn.dll” was missing from the Operating System, and a malicious one was placed in a folder in the user’s %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78.

CVE-2020-12329

February 26, 2023 by

Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-12320

February 26, 2023 by

Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-11634

February 26, 2023 by

The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 20
  • Go to page 21
  • Go to page 22
  • Go to page 23
  • Go to page 24
  • Interim pages omitted …
  • Go to page 72
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE