CVE-2019-4448

HIGH Year: 2019
CVSS v3 Score
8.4
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-269
View all →

Vulnerability Description

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.

Related Vulnerabilities

CVE-1999-0084

HIGH
CVSS:8.4(High)

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

CWE-2691999

CVE-2016-1572

HIGH
CVSS:8.4(High)

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated ...

CWE-2692016

CVE-2018-5884

HIGH
CVSS:8.4(High)

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.

CWE-2692018

CVE-2021-1051

HIGH
CVSS:8.4(High)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display con...

CWE-2692021

CVE-2021-22376

HIGH
CVSS:8.4(High)

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions.

CWE-2692021

CVE-2022-48226

HIGH
CVSS:8.4(High)

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain el...

CWE-2692022