CVE-2019-8458

MEDIUM Year: 2019
CVSS v3 Score
4.4
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-114
View all →

Vulnerability Description

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

Related Vulnerabilities

CVE-2019-8453

MEDIUM
CVSS:5.5(Medium)

Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a maliciou...

CWE-1142019

CVE-2024-56346

CRITICAL
CVSS:10.0(Critical)

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

CWE-1142024

CVE-2020-11075

CRITICAL
CVSS:9.9(Critical)

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an imag...

CWE-1142020

CVE-2024-56347

CRITICAL
CVSS:9.6(Critical)

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.

CWE-1142024

CVE-2025-1950

CRITICAL
CVSS:9.3(Critical)

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

CWE-1142025

CVE-2024-25021

HIGH
CVSS:8.4(High)

IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.

CWE-1142024