Search Results (2564 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16388 1 Pega 1 Pega Platform 2024-11-21 4.3 Medium
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect
CVE-2019-16386 1 Pega 1 Pega Platform 2024-11-21 4.3 Medium
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect
CVE-2019-16340 1 Linksys 6 Velop Whw0301, Velop Whw0301 Firmware, Velop Whw0302 and 3 more 2024-11-21 9.8 Critical
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
CVE-2019-15638 1 Copadata 1 Zenon 2024-11-21 7.8 High
COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.
CVE-2019-15628 2 Microsoft, Trendmicro 5 Windows, Antivirus \+ Security 2020, Internet Security 2020 and 2 more 2024-11-21 7.8 High
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
CVE-2019-15295 1 Bitdefender 1 Antivirus 2020 2024-11-21 N/A
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.
CVE-2019-14960 1 Jetbrains 1 Rider 2024-11-21 7.8 High
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.
CVE-2019-14927 2 Inea, Mitsubishielectric 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more 2024-11-21 7.5 High
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
CVE-2019-14688 2 Microsoft, Trendmicro 9 Windows, Control Manager, Endpoint Sensor and 6 more 2024-11-21 7.0 High
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
CVE-2019-14687 1 Trendmicro 1 Password Manager 2024-11-21 N/A
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684.
CVE-2019-14686 2 Microsoft, Trendmicro 6 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 3 more 2024-11-21 N/A
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.
CVE-2019-14685 2 Microsoft, Trendmicro 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more 2024-11-21 N/A
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
CVE-2019-14684 1 Trendmicro 1 Password Manager 2024-11-21 N/A
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.
CVE-2019-14600 1 Intel 1 Snmp Subagent Stand-alone 2024-11-21 6.7 Medium
Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14599 1 Intel 1 Control Center-i 2024-11-21 7.8 High
Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14347 1 Schben 1 Adive 2024-11-21 8.8 High
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
CVE-2019-14271 3 Debian, Docker, Opensuse 3 Debian Linux, Docker, Leap 2024-11-21 9.8 Critical
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
CVE-2019-14242 2 Bitdefender, Microsoft 5 Antivirus Plus, Endpoint Security Tool, Internet Security and 2 more 2024-11-21 N/A
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges.
CVE-2019-13981 1 Rangerstudio 1 Directus 7 Api 2024-11-21 N/A
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which the file collection can be non-public, but this option does not apply to the thumbnailer.
CVE-2019-13637 1 Logmeininc 1 Join.me 2024-11-21 N/A
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.