143 matches found

OpenVAS
added 2025/05/07 12:0 a.m. · 3 views

Ensure That the LD_LIBRARY_PATH Environment Variable Is Correctly Defined

LD_LIBRARY_PATH is an environmental variable in Linux. When loading a dynamic link library, the program preferentially obtains the library from the path specified by LD_LIBRARY_PATH. Generally, LD_LIBRARY_PATH should not be set, because a maliciously set value will make the program link to an incorrect...

AI score: 6.9
Exploits: 0 · References: 4
Positive Technologies
added 2025/02/06 12:0 a.m. · 2 views

PT-2025-5865 · Unknown · Netmod Vpn Client

Name of the Vulnerable Software and Affected Versions: NetMod VPN Client version 5.3.1 Description: The issue arises due to the improper validation of dynamically loaded libraries, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads...

CVSS: 7.3 · AI score: 8.2 · EPSS: 0.00106
Exploits: 0 · References: 6
Positive Technologies
added 2025/02/03 12:0 a.m. · 2 views

PT-2025-2436 · Wazuh +1 · Wazuh +1

Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.9.0 Description: The issue is related to improper access control in the Wazuh agent for Windows, allowing a local malicious user to potentially exploit this vulnerability by placing a specially crafted DLL file in th...

CVSS: 10 · AI score: 7.1 · EPSS: 0.51816
Exploits: 4 · References: 83
CNNVD
added 2024/10/24 12:0 a.m. · 3 views

OpenRefine SQL Injection Vulnerability

OpenRefine is a Java-based open source tool from OpenRefine Open Source. The product is mainly used for loading data, analyzing data, and cleaning data, among other things. A SQL injection vulnerability exists in OpenRefine prior to version 3.8.3, which stems from the ability to set the...

CVSS: 8.8 · AI score: 9.4 · EPSS: 0.00294
Exploits: 1 · References: 3
CNNVD
added 2024/08/25 12:0 a.m. · 1 view

Logitech Options Security Vulnerability

Logitech Options is a powerful and easy-to-use application from Logitech Switzerland that enhances your Logitech mouse, keyboard and touchpad. A security vulnerability exists in Logitech Options 1.70.551909 and earlier versions, which originated from a vulnerability that allows a local attacker t...

CVSS: 5.5 · AI score: 6.4 · EPSS: 0.00029
Exploits: 0 · References: 2
OSV
added 2024/06/25 2:15 a.m. · 1 view

CVE-2024-23144

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the...

CVSS: 7.8 · AI score: 6.1 · EPSS: 0.00434
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-6108 · Microsoft +1 · Ntasn1.Dll +3

Name of the Vulnerable Software and Affected Versions: CORSAIR iCUE version 5.9.105 Description: The issue is related to insufficient protection of service data due to the loading of dynamic libraries, including MSASN1.dll, NTASN1.dll, and profapi.dll, in the cuepkg-1.2.6 subdirectory of the...

CVSS: 7.8 · AI score: 6.9 · EPSS: 0.02369
Exploits: 0 · References: 4
Japan Vulnerability Notes
added 2024/03/27 5:31 a.m. · 20 views

SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries

Overview SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...

CVSS: 7.8 · AI score: 6.9 · EPSS: 0.0006
Exploits: 0 · References: 5
OSV
added 2024/02/22 4:15 a.m. · 1 view

CVE-2024-23131

A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to...

CVSS: 7.8 · AI score: 6.1 · EPSS: 0.00316
Exploits: 0 · References: 3
Positive Technologies
added 2024/01/31 12:0 a.m. · 2 views

PT-2024-1469 · Aveva · Aveva Edge

Name of the Vulnerable Software and Affected Versions: AVEVA Edge affected versions not specified Description: The issue is related to the loading of unsafe DLL libraries, which could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00039
Exploits: 0 · References: 10
ATTACKERKB
added 2023/12/25 7:15 a.m. · 1 view

CVE-2023-28872

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...

CVSS: 8.8 · AI score: 6 · EPSS: 0.00149
Exploits: 1 · References: 2
OSV
added 2023/08/21 7:15 p.m. · 1 view

CVE-2023-40352

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...

CVSS: 7.2 · AI score: 5.9 · EPSS: 0.00223
Exploits: 0 · References: 2
Positive Technologies
added 2023/06/27 12:0 a.m. · 2 views

PT-2023-24858 · Apache · Apache Airflow Odbc Provider

Name of the Vulnerable Software and Affected Versions: Apache Airflow ODBC Provider versions prior to 4.0.0 Description: A privilege escalation vulnerability exists due to controllable ODBC driver parameters in OdbcHook, allowing the loading of arbitrary dynamic-link libraries and resulting in...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00196
Exploits: 0 · References: 9
Positive Technologies
added 2023/04/11 12:0 a.m. · 2 views

PT-2023-2465 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the Windows CNG Key Isolation Service. This vulnerability is caused by synchronization errors when using a share...

CVSS: 7 · AI score: 9.3 · EPSS: 0.08636
Exploits: 0 · References: 37
OSV
added 2023/04/04 3:15 p.m. · 0 views

CVE-2022-48225

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute with elevated privileges multiple non-existent DLLs...

CVSS: 7.3 · AI score: 5.9 · EPSS: 0.00057
Exploits: 0 · References: 2
RedHat Linux
added 2023/01/12 4:49 p.m. · 3 views

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.0008
Exploits: 0 · References: 5
OSV
added 2022/11/09 9:15 p.m. · 0 views

CVE-2022-43310

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path...

CVSS: 7.8 · AI score: 5.8
Exploits: 0 · References: 3
CNNVD
added 2022/08/29 12:0 a.m. · 4 views

Ricoh Device Software Manager Code Issue Vulnerability

Ricoh Device Software Manager is a device software manager from Ricoh Japan. A security vulnerability exists in Ricoh Device Software Manager, which arises from the possibility that the installer may load unsafe dynamic link libraries...

CVSS: 7.8 · AI score: 6.8 · EPSS: 0.00068
Exploits: 0 · References: 4
NCSC
added 2022/07/25 12:0 a.m. · 2 views

Vulnerabilities fixed in Scooter Software Beyond Compare

Vulnerabilities have been fixed in Scooter Software Beyond Compare. The vulnerabilities allow a malicious person to execute arbitrary code under the SYSTEM user's privileges and obtain elevated user privileges. For the vulnerability with attribute CVE-2022-36414, it is only...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00058
Exploits: 0
ATTACKERKB
added 2022/05/23 7:16 p.m. · 2 views

CVE-2022-31467

A DLL hijacking vulnerability in the installer for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature...

CVSS: 7.9 · AI score: 5.9 · EPSS: 0.0007
Exploits: 0 · References: 2