799 matches found
Trend Micro Security Code Issue Vulnerability
Trend Micro Security is antivirus software from Trend Micro. It contains a DLL hijacking vulnerability that could result in unsafe loading of dynamic link libraries. Affected products and versions: Trend Micro Security...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) by allowing an attacker to load a runtime DLL from an unexpected location. Remediation: Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.16, 7.0.5 or higher. References - Advisory - GitHub Commit -...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2022-28687
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2022-28686
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
PT-2023-1883 · Mcafee · Mcafee Total Protection
Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.49 Description: The issue is related to an uncontrolled search path element in McAfee Total Protection, which can be exploited to elevate user privileges due to DLL sideloading. This could enable...
SUSE CVE-2005-4158
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...
SUSE CVE-2009-3954
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...
SUSE CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...
SUSE CVE-2010-3375
qtparted has insecure library loading which may allow arbitrary code execution...
PT-2023-32946 · Unknown · Artemis Java Test Sandbox
Name of the Vulnerable Software and Affected Versions: Artemis Java Test Sandbox versions prior to 1.11.2 Description: The issue allows an attacker to escape the sandbox by loading untrusted libraries using System.load or System.loadLibrary. This can lead to arbitrary Java code execution when a...
Exploit for CVE-2019-16253
K0mraid3s-System-Shell Way back in 2019, a vulnerability that...
PT-2023-14903 · Changingtec · Servisign
Name of the Vulnerable Software and Affected Versions: ChangingTec ServiSign affected versions not specified Description: The issue is related to a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a...
Squirrel.Windows Code Issue Vulnerability
Squirrel.Windows is Squirrel's open source installation and update framework for Windows desktop applications. A security vulnerability exists in Squirrel.Windows version 2.0.1 and prior versions, which stems from an issue with the installer containing a DLL search path, which could lead to unsaf...
CVE-2022-43722
A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that...
PT-2022-27985 · Jetbrains · Jetbrains Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2022.3 Description: The issue allows for a DYLIB injection on macOS. This means that an attacker could potentially inject malicious code into the system. No information is provided about the estimated...
PT-2022-7153 · Autodesk · Autodesk Installer
Name of the Vulnerable Software and Affected Versions: Autodesk Installer affected versions not specified Description: The issue is related to a maliciously crafted DLL file that can be forced to write beyond allocated boundaries when the Autodesk installer parses the DLL files. This could lead t...
Qt Code Issue Vulnerability
Qt is a cross-platform C++ application development framework from the Norwegian company Qt. It is widely used to develop GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers. A security vulnerability...
(Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP...