
143 matches found

Tenable Nessus
added 2022/04/28 12:0 a.m., 22 views

Schneider Electric Uncontrolled Search Path Element in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25182)

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

6.7 CVSS, 6.6 AI score, 0.00015 EPSS
Exploits 0, References 5

OSV
added 2022/04/12 8:15 p.m., 1 view

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

5.3 CVSS, 6.1 AI score
Exploits 0, References 1

Prion
added 2022/03/18 6:15 p.m., 13 views

Code injection

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

4.6 CVSS, 7.5 AI score, 0.00015 EPSS
Exploits 0, References 4, Affected Software 12

Cvelist
added 2022/03/18 6:0 p.m., 15 views

CVE-2020-25182 Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

6.7 CVSS, 6.8 AI score, 0.00015 EPSS
Exploits 0, References 4

Vulnrichment
added 2022/03/18 6:0 p.m., 7 views

CVE-2020-25182 Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

6.7 CVSS, 6.8 AI score, 0.00015 EPSS
Exploits 0, References 4

CVE
added 2022/03/18 6:0 p.m., 74 views

CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x on Windows are affected by CVE-2020-25182 due to Uncontrolled loading of dynamic libraries (DLL search path). This local, unauthenticated vulnerability could allow an attacker to execute arbitrary code by manipulating the dynamic library lo...

6.7 CVSS, 7.2 AI score, 0.00015 EPSS
Exploits 0, References 4, Affected Software 1

CNNVD
added 2022/03/16 12:0 a.m., 1 view

KINGSOFT WPS Presentation Code Issue Vulnerability

KINGSOFT WPS Presentation is an application from the Chinese company KINGSOFT. It is used to create presentations. A code issue vulnerability exists in KINGSOFT WPS Presentation version 11.8.0.5745, which stems from the application loading DLL libraries in an insecure manner. A remote attacker...

7.8 CVSS, 8.2 AI score, 0.00217 EPSS
Exploits 0, References 4

Positive Technologies
added 2022/02/19 12:0 a.m., 2 views

PT-2022-17244 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator versions 1.6.5 and earlier
Description: The issue allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and...

7.8 CVSS, 7.6 AI score, 0.00056 EPSS
Exploits 0, References 6

OSV
added 2021/09/15 5:15 p.m., 0 views

CVE-2021-27046

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files...

7.8 CVSS, 6.2 AI score
Exploits 0, References 1

CNNVD
added 2021/07/02 12:0 a.m., 1 view

OpenVPN Code Issue Vulnerability

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

7.8 CVSS, 6 AI score, 0.00047 EPSS
Exploits 0, References 3

CNNVD
added 2021/06/16 12:0 a.m., 2 views

TeamViewer Code Issue Vulnerability

TeamViewer is a suite of software for remote control, desktop sharing and file transfer from TeamViewer, a German company. A security vulnerability exists in versions prior to TeamViewer 14.7.48644 that stems from the program loading untrustworthy DLLs under certain...

7.8 CVSS, 7.7 AI score, 0.00113 EPSS
Exploits 0, References 10

CNNVD
added 2021/06/09 12:0 a.m., 1 view

Palo Alto Networks Cortex XDR Agent Code Issue Vulnerability

Palo Alto Networks Cortex XDR Agent is a client software from Palo Alto Networks Malaysia used to check the security of client devices. A code issue vulnerability exists in Cortex XDR Agent that originates from the application loading DLL libraries in an insecure manner. A local user, with the...

7.8 CVSS, 7.9 AI score, 0.00035 EPSS
Exploits 0, References 3

Positive Technologies
added 2021/06/08 12:0 a.m., 3 views

PT-2021-7832 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x
Description: The issue is related to the uncontrolled loading of dynamic libraries by Rockwell Automation ISaGRAF Runtime, which could allow a local, unauthenticated attacker to...

6.7 CVSS, 6.9 AI score, 0.00015 EPSS
Exploits 0, References 9

OSV
added 2021/04/19 4:15 p.m., 0 views

CVE-2021-27028

A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files...

7.8 CVSS, 7.6 AI score, 0.00728 EPSS
Exploits 0, References 3

Tenable Nessus
added 2021/02/12 12:0 a.m., 34 views

Adobe Dreamweaver 20.2.0 < 20.2.1 / 21.0 < 21.1 Information disclosure (APSB21-13)

The version of Adobe Dreamweaver installed on the remote Windows host is prior to 20.2.1, 21.1. It is, therefore, affected by a vulnerability as referenced in the APSB21-13 advisory.
- Adobe Dreamweaver versions 21.0 and earlier and 20.2 and earlier are affected by an untrusted search path...

6.2 CVSS, 6.3 AI score, 0.0045 EPSS
Exploits 0, References 2

OSV
added 2021/02/09 5:15 p.m., 0 views

CVE-2020-25245

A vulnerability has been identified in DIGSI 4 All versions V4.94 SP1 HF 1. Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM...

7.8 CVSS, 5.8 AI score
Exploits 0, References 2

OSV
added 2020/09/04 2:15 p.m., 0 views

CVE-2020-4545

IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitra...

7.8 CVSS, 7.5 AI score
Exploits 0, References 2

Tenable Nessus
added 2020/08/18 12:0 a.m., 18 views

Foxit Reader 3.1.0.0111 < 3.2 Privilege Escalation (macOS)

The version of Foxit Reader for Mac installed on the remote macOS host is 3.1.0.0111. It is, therefore, affected by a privilege escalation vulnerability due to incorrect permission setting. An attacker could exploit this by modifying the dynamic libraries in the Plugins directory. Note that Nessu...

5.7 AI score
Exploits 0, References 1

Tenable Nessus
added 2020/07/20 12:0 a.m., 39 views

openSUSE Security Update : live555 (openSUSE-2020-944)

This update for live555 fixes the following issues:
- CVE-2019-9215: Malformed headers could have led to invalid memory access in the parseAuthorizationHeader function. boo1127341
- CVE-2019-7314: Mishandled termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up could have led ...

9.8 CVSS, 8 AI score, 0.01392 EPSS
Exploits 0, References 5

OPENSUSE Linux
added 2020/07/07 12:0 a.m., 31 views

Security update for live555 (moderate)

openSUSE Security Update: Security update for live555
Announcement ID: openSUSE-SU-2020:0944-1
Rating: moderate
References: 1121995 1124159 1127341
Cross-References: CVE-2019-7314 CVE-2019-9215
Affected Products: openSUSE Leap 15.2
An update that solves two vulnerabilities and has one errata is n...

9.8 CVSS, 7.1 AI score, 0.01392 EPSS
Exploits 0, References 3