
1216 matches found

CNNVD
added 2023/01/03 12:00 a.m. · 5 views

ServiSign Path Traversal Vulnerability

Changingtec ServiSign is a system from Changingtec Taiwan, China. The system provides a cross-platform solution for digital signatures and authentication. A security vulnerability exists in ServiSign that stems from insufficient filtering of special characters in the path of a DLL file...

CVSS 8.8 · AI score 7.3 · EPSS 0.00917
Exploits: 0 · References: 2

OSV
added 2022/12/22 2:15 a.m. · 4 views

CVE-2021-36631

Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVSS 6.7 · AI score 5.8 · EPSS 0.0032
Exploits: 1 · References: 1

Japan Vulnerability Notes
added 2022/12/21 5:23 a.m. · 1 view

Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries

Overview Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427...

CVSS 7.8 · AI score 6.8 · EPSS 0.00393
Exploits: 0 · References: 7

Positive Technologies
added 2022/12/21 12:00 a.m. · 5 views

PT-2022-27823 · Unknown · Squirrel.Windows

Name of the Vulnerable Software and Affected Versions: Squirrel.Windows versions 2.0.1 and earlier Description: The issue is related to the DLL search path in installers generated by Squirrel.Windows, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be...

CVSS 7.8 · AI score 7.6 · EPSS 0.00393
Exploits: 0 · References: 9

CNNVD
added 2022/12/19 12:00 a.m. · 3 views

HCL Domino Buffer Error Vulnerability

HCL Domino is an application from HCL India. It provides a platform for application development. HCL Domino suffers from a buffer error vulnerability that stems from vulnerability to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView, which can be exploited by an...

CVSS 9.8 · AI score 8.2 · EPSS 0.00704
Exploits: 0 · References: 3

BDU FSTEC
added 2022/12/14 12:00 a.m. · 5 views

The vulnerability of the Content Transfer software installer for Windows allows a hacker to increase their privileges.

The vulnerability of the Content Transfer software installer for Windows is related to the use of an unreliable search path. Exploiting this vulnerability can allow a hacker to increase their privileges through a specially created DLL...

CVSS 7.8 · AI score 7.2 · EPSS 0.00204
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/12/13 4:15 p.m. · 3 views

CVE-2022-41281

A vulnerability has been identified in JT2Go All versions V14.1.0.6, Teamcenter Visualization V13.2 All versions V13.2.0.12, Teamcenter Visualization V13.3 All versions V13.3.0.8, Teamcenter Visualization V14.0 All versions V14.0.0.4, Teamcenter Visualization V14.1 All versions V14.1.0.6. The...

CVSS 7.8 · AI score 5.9 · EPSS 0.00296
Exploits: 0 · References: 1

CNNVD
added 2022/12/13 12:00 a.m. · 2 views

Siemens SICAM PAS/PQS Code Issue Vulnerability

Siemens SICAM PAS/PQS is a software from Siemens with an operating system for energy automation and power quality. A security vulnerability exists in Siemens SICAM PAS/PQS versions prior to V7.0 that stems from a failure to properly protect the containing folder. An attacker can exploit the...

CVSS 7.8 · AI score 6.7 · EPSS 0.00217
Exploits: 0 · References: 2

CNNVD
added 2022/11/30 12:00 a.m. · 5 views

Trellix Agent Code Issue Vulnerability

Trellix Agent is a client component of FireEye USA Trellix, Inc. provides secure communication between McAfee ePolicy Orchestrator McAfee ePO and hosted products. A security vulnerability exists in Trellix Agent TA for Windows versions prior to 5.7.8. An attacker could exploit the vulnerability t...

CVSS 6.7 · AI score 6.6 · EPSS 0.00202
Exploits: 0 · References: 2

Positive Technologies
added 2022/11/21 12:00 a.m. · 4 views

PT-2022-25506 · Ibm · Ibm I Access Family

Name of the Vulnerable Software and Affected Versions: IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 Description: The issue allows a local authenticated attacker to execute arbitrary code on the system due to a DLL search order hijacking vulnerability. An attacker...

CVSS 7.2 · AI score 6.7 · EPSS 0.00337
Exploits: 0 · References: 4

CNNVD
added 2022/11/21 12:00 a.m. · 3 views

IBM i Code Issue Vulnerability

IBM i is a suite of operating systems from International Business Machines IBM running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0, which stems from a vulnerability that could allow a...

CVSS 7.2 · AI score 7.2 · EPSS 0.00337
Exploits: 0 · References: 3

Positive Technologies
added 2022/11/18 12:00 a.m. · 4 views

PT-2022-20893 · Unknown · Installbuilder

Name of the Vulnerable Software and Affected Versions: InstallBuilder Qt installers versions prior to 22.10 Description: The issue allows an attacker to potentially execute code with the privileges of the installer by planting a malicious DLL in the installer parent directory. This can happen whe...

CVSS 7.3 · AI score 7.5 · EPSS 0.00218
Exploits: 0 · References: 5

OSV
added 2022/11/17 11:15 p.m. · 1 view

CVE-2022-28766

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client...

CVSS 7.3 · AI score 6
Exploits: 0 · References: 1

CNNVD
added 2022/11/17 12:00 a.m. · 5 views

Zoom Rooms Code Issue Vulnerability

Zoom Rooms is a software-based conferencing system from Zoom USA. A system that allows web conferencing on fixed endpoints, similar to traditional video conferencing systems. A security vulnerability exists in Zoom Rooms that stems from vulnerability to DLL side-loading attacks...

CVSS 7.8 · AI score 7.6 · EPSS 0.09092
Exploits: 0 · References: 3

BDU FSTEC
added 2022/11/11 12:00 a.m. · 6 views

The vulnerability of the dynamically linked library of the script handler (jscript9.dll) in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the dynamically linked script engine library jscript9.dll in Windows operating systems is related to the possibility of code injection. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.5 · EPSS 0.24808
Exploits: 0 · References: 3

CNNVD
added 2022/11/09 12:00 a.m. · 3 views

Foxit Reader Code Issue Vulnerability

Foxit Reader is a PDF document reader from Foxit China. Foxit Reader is vulnerable to a code issue that could be exploited by attackers to execute malicious DLL files...

CVSS 7.8 · AI score 7.2 · EPSS 0.01553
Exploits: 0 · References: 4

Positive Technologies
added 2022/11/07 12:00 a.m. · 5 views

PT-2022-27294 · Acronis · Acronis Cyber Protect Home Office

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office Windows versions prior to build 40107 Description: The issue is related to a local privilege escalation due to a DLL hijacking vulnerability. Recommendations: For versions prior to build 40107, update to buil...

CVSS 7.3 · AI score 4.2 · EPSS 0.00165
Exploits: 0 · References: 4

OSV
added 2022/11/04 2:15 p.m. · 5 views

CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...

CVSS 7.8 · AI score 5.9 · EPSS 0.00187
Exploits: 0 · References: 1

CNNVD
added 2022/11/04 12:00 a.m. · 4 views

Schneider Electric EcoStruxure Operator Terminal Expert Data Forgery Issue Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A data forgery vulnerability exists in Schneider Electric EcoStruxure Operator Termin...

CVSS 7.8 · AI score 7.6 · EPSS 0.0011
Exploits: 0 · References: 2

CNNVD
added 2022/11/04 12:00 a.m. · 3 views

Schneider Electric EcoStruxure Operator Terminal Expert Path Traversal Vulnerability

Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used for creating and editing touch applications. A path traversal vulnerability exists in Schneider Electric EcoStruxure Operator...

CVSS 7.8 · AI score 7.6 · EPSS 0.00187
Exploits: 0 · References: 2