798 matches found

OSV
added 2024/05/09 12:0 a.m. · 0 views

UBUNTU-CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

8.8 CVSS · 7.9 AI score · 0.00703 EPSS
Exploits 0 · References 4

OSV
added 2024/05/03 3:15 a.m. · 1 view

CVE-2023-44438

Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit...

8.8 CVSS · 6.2 AI score
Exploits 0 · References 1

CVE
added 2024/05/03 2:14 a.m. · 43 views

CVE-2023-44438

CVE-2023-44438 concerns Ashlar-Vellum Argon, a CAD/3D modeling tool. The vulnerability stems from how Argon parses various file types, loading a library from an unsecured location, which enables remote code execution with the attacker’s code running in the context of the target process. Exploitat...

8.8 CVSS · 8 AI score · 0.00871 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/04/03 12:0 a.m. · 3 views

PT-2024-22489 · Axigen · Axigen Mail Server

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server for Windows versions 10.5.18 and before
Description: An issue was discovered in Axigen Mail Server for Windows, allowing local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL...

6.7 CVSS · 8.3 AI score · 0.00121 EPSS
Exploits 0 · References 5

CNNVD
added 2024/03/29 12:0 a.m. · 1 view

Keyence VT STUDIO Security Vulnerability

Keyence VT STUDIO is a software used by Keyence China to configure and monitor its vision inspection systems. A security vulnerability exists in Keyence VT STUDIO version 8.32 and prior versions, which stems from a DLL loading error. The vulnerability can be exploited by an attacker to execute...

7.8 CVSS · 7.9 AI score · 0.00106 EPSS
Exploits 0 · References 4

CNNVD
added 2024/02/29 12:0 a.m. · 1 view

Delta Electronics CNCSoft Code Issue Vulnerability

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics, Taiwan, China. The software provides high-performance motion control, rich human-machine interface functions, user-friendly operation, high stability to meet the needs of high-speed cutting, and good...

7.8 CVSS · 6.9 AI score · 0.00026 EPSS
Exploits 0 · References 2

VulnCheck KEV
added 2024/02/29 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2024-7262

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...

9.3 CVSS · 7.4 AI score · 0.10287 EPSS
Exploits 0 · References 1

Cvelist
added 2024/02/09 5:29 p.m. · 29 views

CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

8 AI score · 0.46454 EPSS
Exploits 0 · References 2

NVD
added 2024/01/19 9:15 p.m. · 10 views

CVE-2024-23681

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

8.2 CVSS · 8.6 AI score · 0.00273 EPSS
Exploits 1 · References 3

OSV
added 2024/01/03 2:15 a.m. · 1 view

CVE-2023-41780

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges...

7.8 CVSS · 5.8 AI score · 0.00021 EPSS
Exploits 0 · References 1

Github Security Blog
added 2023/11/16 9:30 a.m. · 25 views

Apache Hadoop allows local user to gain root privileges

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

7.5 CVSS · 7.4 AI score · 0.09267 EPSS
Exploits 0 · References 8 · Affected Software 1

Vulnrichment
added 2023/11/16 8:15 a.m. · 23 views

CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

7.7 AI score · 0.09267 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/11/14 12:0 a.m. · 1 view

PT-2023-7085 · Ashlar Vellum · Ashlar-Vellum Argon

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Argon (affected versions not specified)
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required, as the target must visit a malicious...

8.8 CVSS · 7.8 AI score · 0.00871 EPSS
Exploits 0 · References 7

Zero Day Initiative
added 2023/11/14 12:0 a.m. · 19 views

Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

7.8 CVSS · 7.2 AI score · 0.00904 EPSS
Exploits 0

OSV
added 2023/08/09 10:18 a.m. · 2 views

CLSA-2023-1691576279 Fix CVE(s): CVE-2023-38408

SECURITY UPDATE: helper programs can dlopen/dlclose any libraries from /usr/lib
- debian/patches/CVE-2023-38408-Ensure-FIDO-PKCS11-libraries-contain-expect.patch: checks libraries before dlopen
- debian/patches/CVE-2023-38408-Separate-ssh-pkcs11-helpers-for-each-p11-mo.patch: separate...

9.8 CVSS · 7.1 AI score · 0.64352 EPSS
Exploits 10 · References 1

GithubExploit
added 2023/08/05 2:30 p.m. · 4 views

Exploit for CVE-2023-38820

DLL-Planting-Slack-4.33.73-CVE-2023-38820 DLL Planting in the...

9.7 AI score
Exploits 0

Positive Technologies
added 2023/07/31 12:0 a.m. · 3 views

PT-2023-3970 · Unknown · Qvpn Device Client

Name of the Vulnerable Software and Affected Versions: QVPN Device Client versions prior to 2.0.0.1310; QVPN Device Client versions prior to 2.0.0.1316
Description: The issue is related to an insecure library loading vulnerability. If exploited, it could allow local attackers who have gained user...

7.8 CVSS · 7.4 AI score · 0.00099 EPSS
Exploits 0 · References 9

Prion
added 2023/05/18 10:15 a.m. · 11 views

Privilege escalation

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40208...

4.3 CVSS · 7.8 AI score · 0.00063 EPSS
Exploits 0 · References 1

CNNVD
added 2023/04/18 12:0 a.m. · 3 views

Qualys Cloud Agent Code Issue Vulnerability

Qualys Cloud Agent is a lightweight application from Qualys USA, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent versions prior to 4.5.3.1, which stems from a malicious copy of the Dependency Link Library DLL that allows an...

7 CVSS · 7 AI score · 0.00074 EPSS
Exploits 0 · References 2

CNNVD
added 2023/04/14 12:0 a.m. · 1 view

Trend Micro Security Code Issue Vulnerability

Trend Micro Security is an antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Security that stems from the presence of a DLL hijacking vulnerability that could result in unsafe loading of dynamic link libraries. Affected products and versions: Trend Micro Security...

7.8 CVSS · 7.6 AI score · 0.00058 EPSS
Exploits 0 · References 3