Show CWE-426: Untrusted Search Path - CXSecurity.com

Sorry. No results for Bugtraq WLB2

CVEMAP Search Results

CVE

Details

Description

2019-10-24

Medium

CVE-2019-18196

Updating...

A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default.

2019-10-23

Medium

CVE-2019-17093

Updating...

An issue was discovered in Avast antivirus before 19.8 and AVG antivirus before 19.8. A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. This affects all components that use WMI, e.g., AVGSvc.exe 19.6.4546.0 and TuneupSmartScan.dll 19.1.884.0.

2019-10-07

Medium

CVE-2019-3745

Vendor: DELL
Software: Encryption

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

2019-10-02

Medium

CVE-2019-16407

Vendor: Jetbrains
Software: Resharper

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.

2019-10-01

Medium

CVE-2019-14960

Vendor: Jetbrains
Software: Rider

JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.

2019-09-24

Medium

CVE-2019-13357

Vendor: Totaldefense
Software: Anti-virus

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable.

2019-09-17

Medium

CVE-2019-6826

Vendor: Schneider-electric
Software: Somachine hvac

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

2019-09-13

Medium

CVE-2019-3646

Vendor: Mcafee
Software: Total protection

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.

2019-09-12

Medium

CVE-2019-8076

Vendor: Adobe
Software: Application ...

Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

2019-08-29

Medium

CVE-2019-8461

Vendor: Checkpoint
Software: Endpoint sec...

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

Copyright 2019, cxsecurity.com