924 matches found
Dell EMC PowerStore code issue vulnerability
Dell EMC PowerStore is a storage device from Dell USA. A security vulnerability exists in Dell EMC PowerStore v3.0.0.0 and earlier versions, which originates from a DLL hijacking vulnerability that can be exploited by an attacker to execute arbitrary code, elevate privileges, and bypass software...
CVE-2021-45492
In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions...
UBUNTU-CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...
Druva code issue vulnerability
Druva is a large-scale SaaS platform from US-based Druva, Inc. bringing the simplicity, scalability and security of the public cloud to enterprise data protection and management. A security vulnerability exists in Druva version 6.9.0 in macOS, which stems from a vulnerability that allows an...
NoMachine security vulnerability
NoMachine is a remote desktop access tool from Luxembourg-based NoMachine. v7.9.2 of NoMachine is vulnerable to an authorization issue that originates from incorrect permissions in the C:\ProgramData\NoMachine\var\uninstall folder. An attacker could exploit this vulnerability to hijack the DLL and...
Naver Cloud Explorer code issue vulnerability
Naver Cloud Explorer is a browser for accessing cloud files in Naver by Naver Korea. A security vulnerability exists in Naver Cloud Explorer. An attacker can exploit this vulnerability to execute arbitrary code with System privileges via malicious DLL injection...
CVE-2022-32270
In Real Player 20.0.7.309 and 20.0.8.310, external::Import allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder. DLL planting could also occur...
Trend Micro Apex One code issue vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro. Trend Micro Apex One suffers from a code issue vulnerability that stems from the presence of uncontrolled search path elements in the application. A local attacker could use this vulnerability to load a DLL on an affected...
CVE-2022-31467
A DLL hijacking vulnerability in the installer for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature...
CVE-2022-28965
Multiple DLL hijacking vulnerabilities via the components instup.exe and wscproxy.exe in Avast Premium Security before v21.11.2500 allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file...
CVE-2022-28964
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file...
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview: Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...
XINJE XD/E Series PLC Program Tool code issue vulnerability
XINJE XD/E Series PLC Program Tool is a programming software from China XINJE Company. A security vulnerability exists in XINJE XD/E Series PLC Program Tool version 3.5.1 and prior versions. A local attacker can exploit this vulnerability to load a malicious DLL...
F5 BIG-IP code issue vulnerability
F5 BIG-IP APM Edge Client for Windows is a client-side access control authentication access client application from F5. F5 BIG-IP has a code issue vulnerability that can be exploited by attackers to gain privilege escalation on client Windows systems using a malicious dynamic link library (DLL)...
CVE-2022-28792
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows an attacker to execute arbitrary code. The patch adds a proper absolute path to prevent DLL hijacking...
LINE for Windows security vulnerability
LINE for Windows is a Windows-based instant messaging application from Japanese company LINE. A security vulnerability exists in LINE prior to version 7.8, which stems from a build error in the openssl dependency, making LINE for Windows prior to 7.8 vulnerable to DLL injection that could lead to...
CVE-2022-29047
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
CVE-2022-23449
A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the...