CVE-2022-23401

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVE-2022-23401

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

Code injection

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVE-2022-23401

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVE-2022-23401

CVE-2022-23401 affects Yokogawa CENTUM CS 3000 (R3.08.10–R3.09.00), CENTUM VP (R4.01.00–R4.03.00, R5.01.00–R5.04.20, R6.01.00–R6.08.00) and Exaopc (R3.72.00–R3.79.00). The issue is an insecure DLL loading / uncontrolled search path element vulnerability in these products. Impact per sources indic...

The vulnerability of the command-line utility reg.exe, a tool for development and automatic updates of VMware InstallBuilder installer for Windows operating systems, allows a malicious individual to execute arbitrary commands.

The vulnerability of the command-line utility reg.exe, a tool for development and automatic updates of VMware InstallBuilder installer for Windows operating systems, is related to errors in the mechanism for checking pathfinding for dynamically linked libraries. Exploiting this vulnerability coul...

CVE-2021-38416

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed...

Code injection

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL...

Zoom Client < 5.0.4 Privilege Escalation Vulnerability (ZSB-20002) - Windows

Zoom Client is prone to a privilege escalation vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

The vulnerability of the print spooler driver in Windows operating systems allows attackers to elevate their privileges.

The vulnerability of the Windows Print Spooler in operating systems related to the Windows platform is associated with deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a malicious DLL library remotely...

CVE-2021-1089

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering...

CVE-2021-1089

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering...

Design/Logic Flaw

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering...

CVE-2021-1089

CVE-2021-1089 affects NVIDIA GPU Display Driver for Windows, with a vulnerability in nvidia-smi that allows an uncontrolled DLL loading path, potentially enabling local arbitrary code execution, denial of service, information disclosure, or data tampering. NVIDIA’s security bulletin lists Windows...

CVE-2021-1089

NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering...

Security Bulletin: NVIDIA GPU Display Drivers - July 2021

NVIDIA has released a software security update for NVIDIA GPU Display Drivers. This update addresses issues that may lead to information disclosure, data tampering, and denial of service. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or...

CVE-2021-3606

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process openvpn.exe...

The vulnerability of the DLL loading mechanism used by Cisco AnyConnect Secure Mobility Client for Windows allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the DLL loading mechanism used by Cisco AnyConnect Secure Mobility Client for Windows arises from a situation where there is a race in the process of verifying signatures for DLL files. Exploiting this vulnerability allows an attacker to execute arbitrary code with SYSTEM...

CVE-2021-1567

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect client. This vulnerability is...

CVE-2021-1567

CVE-2021-1567 describes a local, authenticated race-condition DLL hijack in Cisco AnyConnect Secure Mobility Client for Windows when the VPN Posture (HostScan) Module is installed. The vulnerability stems from the DLL loading/signature verification path during IPC-driven file copies, allowing an ...