ReportizFlow
Filtered by vendor
Subscriptions
Total
554 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17664 | 1 Nsa | 1 Ghidra | 2024-11-21 | 7.8 High |
| NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory. | ||||
| CVE-2019-17449 | 1 Avira | 1 Software Updater | 2024-11-21 | 6.7 Medium |
| Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges | ||||
| CVE-2019-17446 | 2 Eracent, Linux | 2 Epa Agent, Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path. | ||||
| CVE-2019-17100 | 1 Bitdefender | 1 Total Security 2020 | 2024-11-21 | 5.2 Medium |
| An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | ||||
| CVE-2019-17099 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-11-21 | 5.3 Medium |
| An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. | ||||
| CVE-2019-16861 | 2 Code42, Microsoft | 2 Code42, Windows | 2024-11-21 | 7.3 High |
| Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. | ||||
| CVE-2019-16860 | 2 Code42, Microsoft | 2 Code42, Windows | 2024-11-21 | 7.3 High |
| Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | ||||
| CVE-2019-15628 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2020, Internet Security 2020 and 2 more | 2024-11-21 | 7.8 High |
| Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. | ||||
| CVE-2019-15295 | 1 Bitdefender | 1 Antivirus 2020 | 2024-11-21 | N/A |
| An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path. | ||||
| CVE-2019-14960 | 1 Jetbrains | 1 Rider | 2024-11-21 | 7.8 High |
| JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. | ||||
| CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2024-11-21 | 7.8 High |
| Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14271 | 3 Debian, Docker, Opensuse | 3 Debian Linux, Docker, Leap | 2024-11-21 | 9.8 Critical |
| In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | ||||
| CVE-2019-13637 | 1 Logmeininc | 1 Join.me | 2024-11-21 | N/A |
| In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | ||||
| CVE-2019-13357 | 1 Totaldefense | 1 Anti-virus | 2024-11-21 | 7.8 High |
| In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. | ||||
| CVE-2019-12912 | 1 Rdbrck | 1 Shift | 2024-11-21 | N/A |
| Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | ||||
| CVE-2019-12576 | 2 Apple, Londontrustmedia | 2 Macos, Private Internet Access Vpn Client | 2024-11-21 | N/A |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher binary is setuid root. This program is called during the connection process and executes several operating system utilities to configure the system. The networksetup utility is called using relative paths. A local unprivileged user can execute arbitrary commands as root by creating a networksetup trojan which will be executed during the connection process. This is possible because the PATH environment variable is not reset prior to executing the OS utility. | ||||
| CVE-2019-12574 | 2 Londontrustmedia, Microsoft | 2 Private Internet Access Vpn Client, Windows | 2024-11-21 | N/A |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM. | ||||
| CVE-2019-12569 | 1 Rakuten | 1 Viber | 2024-11-21 | N/A |
| A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | ||||
| CVE-2019-11771 | 1 Eclipse | 1 Openj9 | 2024-11-21 | 7.8 High |
| AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | ||||
| CVE-2019-11660 | 1 Microfocus | 1 Data Protector | 2024-11-21 | 7.8 High |
| Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | ||||