Search Results (2570 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-10248 1 Meinbwa 2 Direx-pro, Direx-pro Firmware 2024-11-21 7.5 High
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.
CVE-2020-10051 1 Siemens 1 Simatic Rtls Locating Manager 2024-11-21 7.8 High
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service.
CVE-2020-0598 1 Intel 1 Binary Configuration Tool 2024-11-21 7.8 High
Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0570 2 Qt, Redhat 2 Qt, Enterprise Linux 2024-11-21 7.3 High
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
CVE-2020-0565 1 Intel 1 Graphics Driver 2024-11-21 7.8 High
Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0546 2 Intel, Microsoft 2 Optane Dc Persistent Memory Module Management, Windows Server 2019 2024-11-21 7.8 High
Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.
CVE-2020-0515 1 Intel 1 Graphics Driver 2024-11-21 7.8 High
Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access
CVE-2020-0507 1 Intel 1 Graphics Driver 2024-11-21 4.4 Medium
Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-9896 3 Microsoft, Opensuse, Putty 4 Windows, Backports Sle, Leap and 1 more 2024-11-21 7.8 High
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
CVE-2019-9884 1 Eclass 1 Eclass Ip 2024-11-21 9.8 Critical
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
CVE-2019-9798 2 Google, Mozilla 2 Android, Firefox 2024-11-21 N/A
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.
CVE-2019-9634 2 Golang, Microsoft 2 Go, Windows 2024-11-21 7.8 High
Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
CVE-2019-9584 1 Eq-3 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more 2024-11-21 N/A
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages.
CVE-2019-9552 1 Eloan Project 1 Eloan 2024-11-21 N/A
Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.
CVE-2019-9546 1 Solarwinds 1 Orion Platform 2024-11-21 N/A
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVE-2019-9492 2 Microsoft, Trendmicro 2 Windows, Officescan 2024-11-21 N/A
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.
CVE-2019-9491 2 Microsoft, Trendmicro 2 Windows, Anti-threat Toolkit 2024-11-21 7.8 High
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
CVE-2019-9116 2 Microsoft, Sublimetext 2 Windows 7, Sublime Text 3 2024-11-21 N/A
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched.
CVE-2019-8801 1 Apple 2 Itunes, Mac Os X 2024-11-21 7.8 High
A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.
CVE-2019-8461 1 Checkpoint 3 Capsule Docs Standalone Client, Endpoint Security, Remote Access Clients 2024-11-21 N/A
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.