Lucene search
K

1217 matches found

NCSC
NCSC
added 2021/02/19 12:0 a.m.5 views

Vulnerability fixed in Atlassian Bitbucket

By placing a specially crafted DLL file in the Bitbucket installation directory, an unauthorized user can execute arbitrary code with SYSTEM privileges on a Windows system on which the vulnerable Bitbucket software is installed. Atlassian has released updates to fix the vulnerability. fix. For mo...

7.8CVSS7.5AI score0.00265EPSS
Exploits0
CNNVD
CNNVD
added 2021/02/11 12:0 a.m.6 views

Microsoft Edge Code Issue Vulnerability

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A code issue vulnerability exists in Edge, which contains an untrusted search path vulnerability that allows an attacker to load a malicious DLL library from its current directory...

7.8CVSS7.2AI score0.00279EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.7 views

DIGSI 4 权限许可和访问控制问题漏洞

SIEMENS DIGSI 4 is a driver from SIEMENS USA. Provides device driver functionality. A privilege license and access control issue vulnerability exists in SIEMENS DIGSI 4. The vulnerability stems from the fact that several folders in \%PATH\% can be written to by a normal user, and can be exploited...

7.8CVSS7.2AI score0.00342EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/02/08 12:0 a.m.9 views

The vulnerability of the DLL library loading mechanism used by Cisco Immunet and Cisco Advanced Malware Protection allows a malicious actor to execute arbitrary code with elevated privileges.

The vulnerability of the DLL library loading mechanism used by Cisco Immunet and Cisco Advanced Malware Protection is related to an uncontrolled element in the search process. Exploiting this vulnerability allows a attacker to execute arbitrary code with elevated privileges...

7.8CVSS7.6AI score0.00443EPSS
Exploits0References2Affected Software2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/04 6:42 a.m.2 views

Trend Micro HouseCall for Home Networks (Windows Edition) may insecurely load Dynamic Link Libraries

Overview HouseCall for Home Networks Windows Edition provided by Trend Micro Incorporated contains an issue with the DLL search path. By reading a malicious DLL placed in the folder specified by the PATH environment variable, arbitrary code with an escalated privilege may be executed CWE-427. Tre...

7.8CVSS7.5AI score0.00749EPSS
Exploits0References6
OSV
OSV
added 2021/01/27 7:15 p.m.2 views

CVE-2021-25247

A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability...

7.8CVSS7.3AI score0.00749EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/27 12:0 a.m.5 views

Trend Micro HouseCall Home Networks Code Issue Vulnerability

Trend Micro HouseCall for Home Networks is a suite of home network security scanning software from Trend Micro. The software supports scanning a wide range of home network devices and identifying network risks. A security vulnerability exists in Trend Micro HouseCall for Home Networks version...

7.8CVSS7.7AI score0.00749EPSS
Exploits0References3
OSV
OSV
added 2021/01/13 10:15 p.m.5 views

CVE-2021-1237

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...

7.8CVSS6.9AI score0.00395EPSS
Exploits0References1
OSV
OSV
added 2021/01/13 10:15 a.m.2 views

CVE-2021-20616

Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.8CVSS7.1AI score0.00321EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.8 views

Sound Research DCHU Code Issue Vulnerability

Sound Research DCHU is a software module for audio post-processing drivers from Sound Research. A code issue vulnerability exists in Sound Research DCHU version 2.0.9.17, which allows an attacker to escalate privileges by uploading a fake DLL...

7.8CVSS7.2AI score0.00344EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/12 6:53 a.m.4 views

The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. shogo kumamaru of LAC Co.,Ltd reported this...

7.8CVSS7AI score0.00321EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/01/12 12:0 a.m.7 views

SKYSEA Client View Code Issue Vulnerability

SKYSEA Client View is an enterprise IT asset management tool from Sky SKY Japan. A code issue vulnerability exists in SKYSEA Client View versions 1.020.05b through 16.001.01g, which stems from a problem in the search path when the program loads a DLL and loads a specific DLL located in the same...

7.8CVSS7.4AI score0.00321EPSS
Exploits0References4
CNVD
CNVD
added 2021/01/05 12:0 a.m.1 views

Baidu.com PC version suffers from dll hijacking vulnerability

Baidu.com is a cloud service product. A dll hijacking vulnerability exists in the PC version of Baidu.com Disk. An attacker can exploit the vulnerability to load a malicious dll and execute malicious code...

7AI score
Exploits0
CNVD
CNVD
added 2020/12/07 12:0 a.m.2 views

There is a dll hijacking vulnerability in Youdao Dictionary pc side

Youdao Dictionary is the world's first all-around free language translation software based on search engine technology produced by NetEase Youdao. A dll hijacking vulnerability exists in Youdao Dictionary pc, which can be exploited by attackers to gain control of the server...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/12/07 12:0 a.m.1 views

Aurora PDF Reader has a dll hijacking vulnerability (NVD-C-2020-294256)

Aurora PDF Reader is a PDF file viewing software. Aurora PDF Reader has a dll hijacking vulnerability that can be exploited by attackers to load malicious dlls and execute malicious code...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/12/07 12:0 a.m.2 views

Baidu.com PC client suffers from dll hijacking vulnerability (CNVD-2020-73296)

Baidu.com formerly Baidu Cloud is a cloud storage service launched by Baidu, which has covered the mainstream PC and cell phone operating systems, including Web version, Windows version, Mac version, Android version, iPhone version and Windows Phone version. A dll hijacking vulnerability exists i...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/12/06 12:0 a.m.1 views

Cool Music (Windows client) suffers from a dll hijacking vulnerability (CNVD-2020-72476)

Cool Music is a music player that serves songs to its users. A dll hijacking vulnerability exists in CoolMusic Windows client. An attacker can exploit this vulnerability to load a malicious dll and execute malicious code...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/12/06 12:0 a.m.1 views

Lovecraft Universal Link (Windows client) suffers from dll hijacking vulnerability

Aqiyi Universal Link formerly Aqiyi Universal Player is a universal video and audio player produced by Aqiyi in pursuit of the ultimate experience. There is a dll hijacking vulnerability in Aqiyi Universal Media Player Windows client. An attacker can exploit this vulnerability to load a malicious...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/12/06 12:0 a.m.2 views

NetEase Mail Master (Windows Client) suffers from dll hijacking vulnerability

Netease Mailbox Master is an all-platform mailbox client launched by Netease Netease, which supports the use of various brands of mailboxes such as Netease and Outlook, and supports all-platform device login. A dll hijacking vulnerability exists in Netease Mail Master Windows client. An attacker...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/12/06 12:0 a.m.1 views

360 Compressor (Windows client) suffers from a dll hijacking vulnerability

360 Compressor is a compression software. A dll hijacking vulnerability exists in 360 Compressor Windows client. An attacker can exploit this vulnerability to execute malicious code...

7.1AI score
Exploits0
Rows per page
Query Builder