
621 matches found

Cvelist
added 2021/03/25 3:52 p.m. | 16 views

CVE-2020-6788 Uncontrolled Search Path Element in Bosch Configuration Manager Installer

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in...

7.8 CVSS | 7.9 AI score | 0.00347 EPSS
Exploits 0 | References 1

CVE
added 2021/03/25 3:51 p.m. | 48 views

CVE-2020-6787

CVE-2020-6787 affects Bosch Video Client installer (up to version 1.7.6.079). The issue is an Uncontrolled Search Path Element that can allow arbitrary code execution when a user places a malicious DLL in the same directory from which the installer is launched. Root cause: DLL loading from an unc...

7.8 CVSS | 7.9 AI score | 0.00347 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/03/25 3:51 p.m. | 21 views

CVE-2020-6786 Uncontrolled Search Path Element in Bosch Video Recording Manager Installer

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system....

7.8 CVSS | 7.9 AI score | 0.00347 EPSS
Exploits 0 | References 1

CVE
added 2021/03/25 3:49 p.m. | 54 views

CVE-2020-6785

This CVE (CVE-2020-6785) describes a code execution vulnerability in Bosch BVMS and BVMS Viewer via Loading a DLL through an Uncontrolled Search Path Element. Affected are BVMS versions 10.1.0, 10.0.1, 10.0.0, 9.0.0 and older, including BVMS installers and installed BVMS, plus related DIVAR IP pr...

7.8 CVSS | 7.9 AI score | 0.00327 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/03/25 3:48 p.m. | 44 views

CVE-2020-6771

Bosch IP Helper (industrial control tool) is affected by CVE-2020-6771 due to an Uncontrolled Search Path Element when loading DLLs. Versions up to 1.00.0008 are affected. The vulnerability requires the victim to place a malicious DLL in the same directory as the portable IP Helper application, e...

7.8 CVSS | 7.9 AI score | 0.00347 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2021/03/23 4:15 p.m. | 2 views

CVE-2020-7346

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attack...

7.8 CVSS | 7.1 AI score | 0.00353 EPSS
Exploits 0 | References 1

Hewlett-Packard
added 2021/03/15 12:0 a.m. | 26 views

HPSBGN03722 rev. 1 - HP Support Assistant Weak ACL and DLL Loading Vulnerability

Potential Security Impact: Execution of arbitrary code. Source: HP, HP Product Security Response Team (PSRT). Reported by: Rémi ESCOURROU (@remiescourrou). VULNERABILITY SUMMARY: A weak ACL may potentially allow an unauthorized person to load arbitrary code. RESOLUTION: A patch was released on March 10,...

5 CVSS | 1.5 AI score
Exploits 0

Japan Vulnerability Notes
added 2021/03/11 12:0 a.m. | 64 views

JVN#18056666: Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries

Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries (CWE-427) when a terminal is connected remotely using Remote desktop. Impact: Arbitrary code may be executed with the privilege of the...

7.8 CVSS | 7.8 AI score | 0.00915 EPSS
Exploits 0

NVD
added 2021/02/12 6:15 p.m. | 17 views

CVE-2021-22980

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User...

7.8 CVSS | 0.00279 EPSS
Exploits 0 | References 1

OSV
added 2021/02/12 6:15 p.m. | 3 views

CVE-2021-22980

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User...

7.8 CVSS | 7.1 AI score | 0.00279 EPSS
Exploits 0 | References 1

OSV
added 2021/01/20 8:15 p.m. | 5 views

CVE-2021-1280

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid...

7.3 CVSS | 6.1 AI score | 0.00443 EPSS
Exploits 0 | References 1

NVD
added 2021/01/13 10:15 p.m. | 9 views

CVE-2021-1240

A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to...

8.5 CVSS | 6.2 AI score | 0.00914 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2020/12/15 12:0 a.m. | 4 views

The vulnerability of the DLL library loading mechanism of the Cisco Webex Teams software for Windows allows a malicious actor to load a malicious library into the system.

The vulnerability of the DLL library loading mechanism for Cisco Webex Teams software for Windows is related to errors in processing path handling for directories. Exploiting this vulnerability can allow an attacker to load the malicious library into memory...

7.8 CVSS | 7.5 AI score | 0.00568 EPSS
Exploits 0 | References 4 | Affected Software 1

Prion
added 2020/11/02 9:15 p.m. | 15 views

Code injection

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point...

4.4 CVSS | 6.9 AI score | 0.00372 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/10/30 2:22 p.m. | 21 views

CVE-2020-6014

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point...

6.9 AI score | 0.00372 EPSS
Exploits 0 | References 1

Prion
added 2020/10/02 7:15 p.m. | 28 views

Design/Logic Flaw

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service...

4.6 CVSS | 7.7 AI score | 0.00376 EPSS
Exploits 0 | References 1

CVE
added 2020/10/02 6:15 p.m. | 80 views

CVE-2020-5980

CVE-2020-5980 affects NVIDIA Windows GPU Display Driver. The vulnerability is described as a securely loaded system DLL loading its dependencies in an insecure fashion, potentially enabling code execution or denial of service. NVIDIA’s bulletin and security updates indicate fixes across Windows d...

7.8 CVSS | 7.6 AI score | 0.00376 EPSS
Exploits 0 | References 1 | Affected Software 1

IBM Security Bulletins
added 2020/09/15 12:0 a.m. | 28 views

Security Bulletin: Improper DLL loading vulnerability affecting Aspera Connect 3.9.9 and earlier

Summary: IBM Aspera Connect could allow a local attacker to execute arbitrary code on the Windows system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execut...

9.3 CVSS | 3.6 AI score | 0.02996 EPSS
Exploits 0 | Affected Software 1

Cvelist
added 2020/09/04 1:35 p.m. | 21 views

CVE-2020-4545

IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitra...

7.8 CVSS | 7.7 AI score | 0.02996 EPSS
Exploits 0 | References 2

OSV
added 2020/08/29 9:15 p.m. | 11 views

CVE-2020-24972

The Kleopatra component before 3.1.12 and before 20.07.80 for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL...

8.8 CVSS | 9 AI score
Exploits 0 | References 6