CVE-2024-28099
VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
CVE-2024-28099
CVE-2024-28099 affects VT STUDIO versions 8.32 and earlier. The root cause is an insecure DLL search path that may allow loading malicious DLLs, enabling arbitrary code execution with the application’s privileges. Reported across multiple sources (Red Hat, NVD, JVN/JVNVU, PT-Security, and others)...
CVE-2024-29734
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
CVE-2024-29734
CVE-2024-29734 (SonicDICOM Media Viewer) involves an uncontrolled DLL search path element in SonicDICOM Media Viewer 2.3.2 and earlier. The root cause is a DLL search path issue (CWE-427) that may lead to insecure loading of Dynamic Link Libraries, allowing arbitrary code to execute with the priv...
SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
Overview: SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...
JVN#40367518: SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries
SonicDICOM Media Viewer provided by Fujidenolo Solutions Co., Ltd. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact: Arbitrary code may be executed with the privileges of the running application. Solution: Update the Software...
CVE-2024-1595
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed...
Code injection
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
CVE-2021-22150 Kibana code execution issue
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
CVE-2023-37511
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved...
CVE-2023-37511
The CVE refers to an information disclosure vulnerability in HCL Traveler To Do (the iOS/iPadOS companion for HCL Notes To Do) caused by a flaw in App Transport Security (ATS) settings, enabling insecure loading of web content. Multiple sources (CNVD/CNNVD/CVE records) describe the issue as stemm...
RHEL 9 : nodejs:18 (RHSA-2023:2654)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2654 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Trend Micro Security may insecurely load Dynamic Link Libraries
Overview: Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427). While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application...
nodejs:16 security, bug fix, and enhancement update
An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
SUSE: Security Advisory (SUSE-SU-2023:0682-1)
The remote host is missing an update for the...
Updated nodejs packages fix security vulnerability
The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High); CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable (Low). More detailed information on each of the vulnerabilities can be foun...
Windscribe VPN code issue vulnerability
Windscribe VPN is a VPN application from Windscribe Canada. Windscribe VPN suffers from a security vulnerability that stems from loading an OpenSSL configuration file from an insecure location...
CVE-2022-46330
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries...
Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
Overview: Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...