Total
492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20456 | 2 Goverlan, Microsoft | 4 Client Agent, Reach Console, Reach Server and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking. | |||||
| CVE-2019-20358 | 2 Microsoft, Trendmicro | 2 Windows, Anti-threat Toolkit | 2024-11-21 | 5.1 MEDIUM | 7.8 HIGH |
| Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. | |||||
| CVE-2019-19929 | 1 Malwarebytes | 1 Adwcleaner | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. | |||||
| CVE-2019-19161 | 2 Cymiinstaller322 Activex Project, Microsoft | 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification. | |||||
| CVE-2019-18996 | 1 Abb | 1 Pb610 Panel Builder 600 | 2024-11-21 | 4.4 MEDIUM | 7.1 HIGH |
| Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context. | |||||
| CVE-2019-18196 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2024-11-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default. | |||||
| CVE-2019-17664 | 1 Nsa | 1 Ghidra | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory. | |||||
| CVE-2019-17449 | 1 Avira | 1 Software Updater | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges | |||||
| CVE-2019-17446 | 2 Eracent, Linux | 2 Epa Agent, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path. | |||||
| CVE-2019-17100 | 1 Bitdefender | 1 Total Security 2020 | 2024-11-21 | 4.4 MEDIUM | 5.2 MEDIUM |
| An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69. | |||||
| CVE-2019-17099 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-11-21 | 4.4 MEDIUM | 5.3 MEDIUM |
| An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163. | |||||
| CVE-2019-16861 | 2 Code42, Microsoft | 2 Code42, Windows | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. | |||||
| CVE-2019-16860 | 2 Code42, Microsoft | 2 Code42, Windows | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | |||||
| CVE-2019-15628 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2020, Internet Security 2020 and 2 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. | |||||
| CVE-2019-15295 | 1 Bitdefender | 1 Antivirus 2020 | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path. | |||||
| CVE-2019-14960 | 1 Jetbrains | 1 Rider | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. | |||||
| CVE-2019-14599 | 1 Intel | 1 Control Center-i | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-13637 | 1 Logmeininc | 1 Join.me | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | |||||
| CVE-2019-13357 | 1 Totaldefense | 1 Anti-virus | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. | |||||
| CVE-2019-12912 | 1 Rdbrck | 1 Shift | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application. | |||||