Total
951 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5526 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
| VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed. | ||||
| CVE-2019-5443 | 4 Haxx, Microsoft, Netapp and 1 more | 10 Curl, Windows, Oncommand Insight and 7 more | 2024-11-21 | 7.8 High |
| A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. | ||||
| CVE-2019-5245 | 1 Huawei | 1 Hisuite | 2024-11-21 | N/A |
| HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. | ||||
| CVE-2019-4588 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-11-21 | 7.8 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. | ||||
| CVE-2019-4473 | 1 Ibm | 1 Java | 2024-11-21 | 7.8 High |
| Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. | ||||
| CVE-2019-4447 | 3 Ibm, Linux, Microsoft | 3 Db2 High Performance Unload Load, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488. | ||||
| CVE-2019-4094 | 2 Ibm, Linux | 2 Db2, Linux Kernel | 2024-11-21 | 7.8 High |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014. | ||||
| CVE-2019-3881 | 2 Bundler, Redhat | 3 Bundler, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.8 High |
| Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. | ||||
| CVE-2019-3750 | 1 Dell | 1 Command Update | 2024-11-21 | 5.5 Medium |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. | ||||
| CVE-2019-3749 | 1 Dell | 1 Command Update | 2024-11-21 | 5.5 Medium |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. | ||||
| CVE-2019-3745 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-11-21 | 7.3 High |
| The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator. | ||||
| CVE-2019-3726 | 1 Dell | 3 Client Platforms, Emc Servers, Update Package Framework | 2024-11-21 | 6.7 Medium |
| An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers. | ||||
| CVE-2019-3667 | 1 Mcafee | 1 Techcheck | 2024-11-21 | 6.6 Medium |
| DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker. | ||||
| CVE-2019-3613 | 1 Mcafee | 1 Agent | 2024-11-21 | 5.9 Medium |
| DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder. | ||||
| CVE-2019-20856 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. | ||||
| CVE-2019-20781 | 1 Lg | 1 Bridge | 2024-11-21 | 7.8 High |
| An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. | ||||
| CVE-2019-20780 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019). | ||||
| CVE-2019-20769 | 1 Lg | 2 G3, Pc Suite | 2024-11-21 | 7.8 High |
| An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019). | ||||
| CVE-2019-20419 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 7.8 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2. | ||||
| CVE-2019-20406 | 2 Atlassian, Microsoft | 3 Confluence, Confluence Server, Windows | 2024-11-21 | 7.8 High |
| The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. | ||||