Lucene search
K

68 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/18 12:0 a.m.4 views

Streamline NX Client 3.5.0 - 3.7.0 MiTM (2025-000006)

The version of Streamline NX Client installed on the remote host is between 3.5.0 and 3.7.0. It is, therefore, affected by a vulnerability as referenced in the 2025-000006 advisory. It contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-midd...

2.5CVSS6.4AI score0.00109EPSS
Exploits0References2
NVD
NVD
added 2025/06/13 9:15 a.m.10 views

CVE-2025-48825

RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code...

2.5CVSS0.00109EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 8:19 a.m.41 views

CVE-2025-48825

The CVE-2025-48825 affects Ricoh Streamline NX V3 PC Client, versions 3.5.0–3.7.0. The issue is use of a less trusted source, enabling a local-MITM attacker to eavesdrop upgrade requests and execute a malicious DLL with custom code. Impact is limited to scenarios where an attacker can position th...

2.5CVSS7AI score0.00109EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/06/13 7:9 a.m.3 views

Multiple vulnerabilities in RICOH Streamline NX PC Client

Overview RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 - CVE-2025-36506 Path traversal CWE-22 - CVE-2025-46783 Use of less trusted source CWE-348 - CVE-2025-48825 Ricoh Company, Ltd...

9.8CVSS7.2AI score0.00776EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 4:50 a.m.10 views

CVE-2023-28872

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...

8.8CVSS7.1AI score0.00774EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.10 views

CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...

8.8CVSS7.6AI score0.01362EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 a.m.7 views

CVE-2019-10971

The application Network Configurator for DeviceNet Safety 3.41 and prior searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories...

7.8CVSS7.1AI score0.01056EPSS
Exploits0References1
OSV
OSV
added 2025/02/06 8:15 a.m.4 views

CVE-2025-22894

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a...

8.8CVSS5.8AI score0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/06 7:5 a.m.5 views

CVE-2025-22894

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a...

6.5CVSS6.8AI score0.00139EPSS
Exploits0References2
NVD
NVD
added 2025/01/28 9:15 p.m.8 views

CVE-2025-24482

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions...

7CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2025/01/28 8:59 p.m.42 views

CVE-2025-24482

Rockwell Automation FactoryTalk View Site Edition has a Local Code Injection vulnerability due to incorrect default permissions on the remote debugger port, affecting all versions prior to 15.0. Affected functionality includes DLLs being executed with elevated privileges, potentially enabling una...

7CVSS7.6AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/28 8:59 p.m.10 views

CVE-2025-24482 FactoryTalk® View Site Edition - Local Code Injection

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions...

7CVSS0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/28 8:59 p.m.6 views

CVE-2025-24482 FactoryTalk® View Site Edition - Local Code Injection

A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions...

7CVSS7AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.5 views

PT-2024-17005 · Autodesk · Autodesk Revit

Name of the Vulnerable Software and Affected Versions: Autodesk Revit affected versions not specified Description: The issue allows a maliciously crafted DLL file to be loaded by Autodesk Revit when placed in the same directory as an RVT file, potentially executing arbitrary code in the context o...

7.8CVSS6.5AI score0.00196EPSS
Exploits0References6
NVD
NVD
added 2024/11/18 6:15 a.m.32 views

CVE-2024-52945

An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL...

7.8CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2024/10/25 7:15 a.m.18 views

CVE-2024-50583

Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings...

6.3CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2023/12/25 7:15 a.m.18 views

CVE-2023-28872

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...

8.8CVSS0.00774EPSS
Exploits1References1
Prion
Prion
added 2023/12/25 7:15 a.m.13 views

Design/Logic Flaw

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...

6.5CVSS7.3AI score0.00774EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/12/25 12:0 a.m.3 views

NCP Secure Enterprise Client Security Vulnerability

NCP Secure Enterprise Client is a VPN Virtual Private Network client application from NCP Germany. A security vulnerability exists in NCP Secure Enterprise Client versions prior to 13.10, which originates in Support Assistant that allows an attacker to execute DLL files with system privileges by...

8.8CVSS6.9AI score0.00774EPSS
Exploits1References2
CVE
CVE
added 2023/12/25 12:0 a.m.44 views

CVE-2023-28872

CVE-2023-28872 affects NCP Secure Enterprise Client prior to version 13.10. The vulnerability originates in the Support Assistant component, where an attacker can cause DLLs to run with SYSTEM privileges by exploiting a symbolic link at %LOCALAPPDATA%\Temp\NcpSupport*. Impact: potential privilege...

8.8CVSS8.6AI score0.00774EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder