Jenkins Pipeline访问控制错误漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...

CVE-2022-25348

Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory...

HiBARA Software AttacheCase 代码问题漏洞

HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 4.0.2.7, which arises from loading DLL libraries in an insecure manner. A remote attacker can...

HiBARA Software AttacheCase 代码问题漏洞

HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 3.6.1.0, which arises from an application loading DLL libraries in an insecure manner. A remo...

CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

CVE-2022-26511

WPS Presentation 11.8.0.5745 insecurely load d3dx941.dll when opening .pps files'current directory type' DLL loading...

CVE-2022-25969

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL or some other DLLs, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer...

KINGSOFT WPS Presentation 代码问题漏洞

KINGSOFT WPS Presentation is an application from the Chinese company KINGSOFT. It is used to create presentations. A code issue vulnerability exists in KINGSOFT WPS Presentation version 11.8.0.5745, which stems from the application loading DLL libraries in an insecure manner. A remote attacker...

Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries

Overview Trend Micro Incorporated has released a security update for Trend Micro Portable Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A local attacker may obtain the administrative privilege when the product's...

CVE-2022-23401

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...

Cryptomator 代码问题漏洞

Cryptomator is a simple digital self-defense tool from the Cryptomator community. It is used to protect data. Cryptomator suffers from a code issue vulnerability that stems from the fact that an attacker can exploit the vulnerability can exploit this by creating a malicious .dylib file that can b...

PT-2022-2583 · Unknown +1 · Git For Windows +1

Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.35.2 Description: The issue is related to a DLL hijacking vulnerability in the uninstaller of Git for Windows when run under the SYSTEM user account. This vulnerability is due to an uncontrolled search path...

CVE-2020-12891

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable...

Acer Care Center 代码问题漏洞

Acer Care Center is a system care center from Acer China that backs up or restores your system settings and network drivers to prevent the effects of system failure. Acer Care Center has a security vulnerability that can be exploited by an attacker by placing a malicious DLL file on the target...

PT-2022-9880 · Alps Alpine · Alps Alpine Touchpad Driver

Name of the Vulnerable Software and Affected Versions: Alps Alpine Touchpad Driver version 10.3201.101.215 Description: The issue concerns a DLL Injection problem. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world...

VulnCheck KEV: CVE-2012-3015

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder...

CVE-2021-42110

An issue was discovered in Allegro Windows formerly Popsy Windows before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking...

TIETEN Acronis Cyber Protect 代码问题漏洞

Acronis Cyber Protect is an application. Provides unified protection for your network by integrating backup, disaster recovery, AI-based malware protection, remote assistance and security into a single, reliable tool.Acronis Cyber Protect 15 suffers from a DLL hijacking vulnerability that could b...

Fortinet FortiClient 代码问题漏洞

FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance.FortiClient is vulnerable to an elevation of privilege...