Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-3916 1 Verizon 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware 2024-11-21 N/A
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
CVE-2019-3881 2 Bundler, Redhat 3 Bundler, Enterprise Linux, Rhel Software Collections 2024-11-21 7.8 High
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.
CVE-2019-3750 1 Dell 1 Command Update 2024-11-21 5.5 Medium
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.
CVE-2019-3749 1 Dell 1 Command Update 2024-11-21 5.5 Medium
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.
CVE-2019-3745 1 Dell 2 Encryption, Endpoint Security Suite Enterprise 2024-11-21 7.3 High
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.
CVE-2019-3726 1 Dell 3 Client Platforms, Emc Servers, Update Package Framework 2024-11-21 6.7 Medium
An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.
CVE-2019-3667 1 Mcafee 1 Techcheck 2024-11-21 6.6 Medium
DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.
CVE-2019-3648 1 Mcafee 3 Anti-virus Plus, Internet Security, Total Protection 2024-11-21 6.1 Medium
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission.
CVE-2019-3646 1 Mcafee 1 Total Protection 2024-11-21 6.9 Medium
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
CVE-2019-3613 1 Mcafee 1 Agent 2024-11-21 5.9 Medium
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.
CVE-2019-3587 2 Mcafee, Microsoft 2 Total Protection, Windows 2024-11-21 N/A
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.
CVE-2019-25012 1 Webform Report Project 1 Webform Report 2024-11-21 7.5 High
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.
CVE-2019-20856 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
CVE-2019-20781 1 Lg 1 Bridge 2024-11-21 7.8 High
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.
CVE-2019-20780 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).
CVE-2019-20769 1 Lg 2 G3, Pc Suite 2024-11-21 7.8 High
An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).
CVE-2019-20484 1 Vikisolutions 1 Vera 2024-11-21 8.1 High
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
CVE-2019-20456 2 Goverlan, Microsoft 4 Client Agent, Reach Console, Reach Server and 1 more 2024-11-21 7.8 High
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.
CVE-2019-20419 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 7.8 High
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.
CVE-2019-20406 2 Atlassian, Microsoft 3 Confluence, Confluence Server, Windows 2024-11-21 7.8 High
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability.