Lucene search
K

118 matches found

RedHat Linux
RedHat Linux
added 2024/07/15 1:16 a.m.7 views

ghostscript: OPVP device arbitrary code execution via custom Driver library

A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...

8.8CVSS6.2AI score0.01425EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/03 12:0 a.m.7 views

PT-2024-5609 · Dell · Dell Peripheral Manager

Name of the Vulnerable Software and Affected Versions: Dell Peripheral Manager versions prior to 1.7.6 Description: The issue is related to an uncontrolled search path element in the Dell Peripheral Manager software. This could allow an attacker to potentially exploit the vulnerability through...

7.8CVSS8.2AI score0.00202EPSS
Exploits0References6
OSV
OSV
added 2024/05/09 12:0 a.m.2 views

UBUNTU-CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

8.8CVSS7.9AI score0.01425EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/03/14 12:0 a.m.5 views

The vulnerability of Microsoft Exchange Server’s mail server, related to an uncontrolled search path element, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to an uncontrolled element in the loading process for DLL libraries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.4AI score0.0682EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2023/08/05 2:30 p.m.6 views

Exploit for CVE-2023-38820

DLL-Planting-Slack-4.33.73-CVE-2023-38820 DLL Planting in the...

9.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/06/28 12:0 a.m.7 views

The vulnerability of the application development environment for ISaGRAF programmable logic controllers arises from the use of an unreliable search path during the loading of dynamic libraries. This allows a hacker to execute arbitrary code.

The vulnerability in the application development environment for ISaGRAF Runtime Rockwell Automation relates to the use of an unreliable search path during the loading of dynamic libraries. Exploiting this vulnerability allows a local attacker to execute arbitrary code...

6.7CVSS7AI score0.00422EPSS
Exploits0References7Affected Software17
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.5 views

Qualys Cloud Agent 代码问题漏洞

Qualys Cloud Agent is a lightweight application from Qualys USA, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent versions prior to 4.5.3.1, which stems from a malicious copy of the Dependency Link Library DLL that allows an...

7CVSS7AI score0.00219EPSS
Exploits0References2
Snyk
Snyk
added 2023/04/11 10:2 p.m.4 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE by allowing an attacker to load a runtime DLL from an unexpected location. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.16, 7.0.5 or higher. References - Advisory - GitHub Commit -...

7.8CVSS7.5AI score0.01531EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.4 views

PT-2023-1883 · Mcafee · Mcafee Total Protection

Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.49 Description: The issue is related to an uncontrolled search path element in McAfee Total Protection, which can be exploited to elevate user privileges due to DLL sideloading. This could enable...

5.5CVSS7.2AI score0.00254EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.3 views

SUSE CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

10CVSS7.9AI score0.0905EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.4 views

Squirrel.Windows 代码问题漏洞

Squirrel.Windows is a Squirrel open source installation and update framework for Windows desktop applications. A security vulnerability exists in Squirrel.Windows version 2.0.1 and prior versions, which stems from an issue with the installer containing a DLL search path, which could lead to unsaf...

7.8CVSS7.7AI score0.00393EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.4 views

PT-2022-27985 · Jetbrains · Jetbrains Intellij Idea

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2022.3 Description: The issue allows for a DYLIB injection on macOS. This means that an attacker could potentially inject malicious code into the system. No information is provided about the estimated...

7.8CVSS7.7AI score0.00269EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.7 views

PT-2022-7153 · Autodesk · Autodesk Installer

Name of the Vulnerable Software and Affected Versions: Autodesk Installer affected versions not specified Description: The issue is related to a maliciously crafted DLL file that can be forced to write beyond allocated boundaries when the Autodesk installer parses the DLL files. This could lead t...

7.8CVSS7.6AI score0.00225EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.6 views

Qt 代码问题漏洞

Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...

7.3CVSS7.8AI score0.00218EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.5 views

Softing Secure Integration Server 路径遍历漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A path traversal vulnerability exists in Softing Secure...

7.2CVSS7.3AI score0.10229EPSS
Exploits3References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/11 6:21 a.m.4 views

Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...

7.8CVSS7.1AI score0.00279EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.3 views

HiBARA Software AttacheCase 代码问题漏洞

HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 4.0.2.7, which arises from loading DLL libraries in an insecure manner. A remote attacker can...

7.8CVSS8AI score0.00355EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.4 views

HiBARA Software AttacheCase 代码问题漏洞

HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 3.6.1.0, which arises from an application loading DLL libraries in an insecure manner. A remo...

7.8CVSS8AI score0.00362EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/03/28 12:0 a.m.8 views

The vulnerability of the installer component of the WPS Office office software package allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the installer component of the WPS Office office software package is related to the loading of a dynamic library that does not exist. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

7.8CVSS7.5AI score0.00775EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/18 6:15 p.m.7 views

CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

6.7CVSS6AI score0.00422EPSS
Exploits0References4
Rows per page
Query Builder