Search Results (2569 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-17093 2 Avast, Avg 2 Antivirus, Anti-virus 2024-11-21 7.8 High
An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.
CVE-2019-16861 2 Code42, Microsoft 2 Code42, Windows 2024-11-21 7.3 High
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.
CVE-2019-16860 2 Code42, Microsoft 2 Code42, Windows 2024-11-21 7.3 High
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine.
CVE-2019-16647 2 Maxthon, Microsoft 2 Maxthon Browser, Windows 2024-11-21 7.2 High
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
CVE-2019-16407 1 Jetbrains 1 Resharper 2024-11-21 7.3 High
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
CVE-2019-16388 1 Pega 1 Pega Platform 2024-11-21 4.3 Medium
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect
CVE-2019-16386 1 Pega 1 Pega Platform 2024-11-21 4.3 Medium
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect
CVE-2019-16340 1 Linksys 6 Velop Whw0301, Velop Whw0301 Firmware, Velop Whw0302 and 3 more 2024-11-21 9.8 Critical
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
CVE-2019-15638 1 Copadata 1 Zenon 2024-11-21 7.8 High
COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
CVE-2019-15628 2 Microsoft, Trendmicro 5 Windows, Antivirus \+ Security 2020, Internet Security 2020 and 2 more 2024-11-21 7.8 High
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
CVE-2019-15295 1 Bitdefender 1 Antivirus 2020 2024-11-21 N/A
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.
CVE-2019-14960 1 Jetbrains 1 Rider 2024-11-21 7.8 High
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
CVE-2019-14927 2 Inea, Mitsubishielectric 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more 2024-11-21 7.5 High
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
CVE-2019-14688 2 Microsoft, Trendmicro 9 Windows, Control Manager, Endpoint Sensor and 6 more 2024-11-21 7.0 High
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
CVE-2019-14687 1 Trendmicro 1 Password Manager 2024-11-21 N/A
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684.
CVE-2019-14686 2 Microsoft, Trendmicro 6 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 3 more 2024-11-21 N/A
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.
CVE-2019-14685 2 Microsoft, Trendmicro 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more 2024-11-21 N/A
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
CVE-2019-14684 1 Trendmicro 1 Password Manager 2024-11-21 N/A
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.
CVE-2019-14600 1 Intel 1 Snmp Subagent Stand-alone 2024-11-21 6.7 Medium
Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14599 1 Intel 1 Control Center-i 2024-11-21 7.8 High
Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.