Search Results (2570 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-20780 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).
CVE-2019-20769 1 Lg 2 G3, Pc Suite 2024-11-21 7.8 High
An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).
CVE-2019-20484 1 Vikisolutions 1 Vera 2024-11-21 8.1 High
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
CVE-2019-20456 2 Goverlan, Microsoft 4 Client Agent, Reach Console, Reach Server and 1 more 2024-11-21 7.8 High
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.
CVE-2019-20419 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 7.8 High
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.
CVE-2019-20406 2 Atlassian, Microsoft 3 Confluence, Confluence Server, Windows 2024-11-21 7.8 High
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.
CVE-2019-20400 1 Atlassian 1 Jira Server 2024-11-21 7.8 High
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.
CVE-2019-20362 2 Microsoft, Teradici 4 Windows, Pcoip Client, Pcoip Graphics Agent and 1 more 2024-11-21 7.8 High
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
CVE-2019-20358 2 Microsoft, Trendmicro 2 Windows, Anti-threat Toolkit 2024-11-21 7.8 High
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool.
CVE-2019-20357 2 Microsoft, Trendmicro 9 Windows, Antivirus \+ Security 2019, Antivirus \+ Security 2020 and 6 more 2024-11-21 7.8 High
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
CVE-2019-1899 1 Cisco 6 Rv110w, Rv110w Firmware, Rv130w and 3 more 2024-11-21 5.3 Medium
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router.
CVE-2019-1898 1 Cisco 6 Rv110w, Rv110w Firmware, Rv130w and 3 more 2024-11-21 5.3 Medium
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
CVE-2019-1855 1 Cisco 1 Jabber 2024-11-21 7.3 High
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.
CVE-2019-1220 1 Microsoft 10 Edge, Internet Explorer, Windows 10 and 7 more 2024-11-21 4.3 Medium
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.
CVE-2019-19954 2 Microsoft, Signal 2 Windows, Signal-desktop 2024-11-21 7.3 High
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
CVE-2019-19929 1 Malwarebytes 1 Adwcleaner 2024-11-21 7.8 High
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product.
CVE-2019-19689 2 Microsoft, Trendmicro 2 Windows, Housecall For Home Networks 2024-11-21 7.8 High
Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.
CVE-2019-19364 1 Sony 2 Catalyst Browse, Catalyst Production Suite 2024-11-21 7.8 High
A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.
CVE-2019-19235 2 Asus, Microsoft 2 Atk Package, Windows 10 2024-11-21 7.0 High
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.
CVE-2019-19161 2 Cymiinstaller322 Activex Project, Microsoft 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more 2024-11-21 7.2 High
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.