PT-2022-4344 · Aveva · Aveva Edge

Name of the Vulnerable Software and Affected Versions: AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious...

Softing Secure Integration Server 路径遍历漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A path traversal vulnerability exists in Softing Secure...

Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA...

HiBARA Software AttacheCase 代码问题漏洞

HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 4.0.2.7, which arises from loading DLL libraries in an insecure manner. A remote attacker can...

HiBARA Software AttacheCase 代码问题漏洞

HiBARA Software AttacheCase is a powerful file/folder encryption software from the Japanese individual developer Hibara Mitsuhiro. A code issue vulnerability exists in HiBARA Software AttacheCase version 3.6.1.0, which arises from an application loading DLL libraries in an insecure manner. A remo...

CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

CVE-2022-25969

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL or some other DLLs, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer...

Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries

Overview Trend Micro Incorporated has released a security update for Trend Micro Portable Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A local attacker may obtain the administrative privilege when the product's...

CVE-2022-23401

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...

UBUNTU-CVE-2022-25634

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...

PT-2021-5954 · Pdftron · Pdftron

Name of the Vulnerable Software and Affected Versions: PDFTron versions prior to 9.0.7 Description: A Memory Corruption issue may lead to code execution through maliciously crafted DLL files. The vulnerability is related to errors in the mechanism for checking the path to dynamically loaded...

Fortinet FortiClient 代码问题漏洞

FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance.FortiClient is vulnerable to an elevation of privilege...

Updated qt4 packages fix security vulnerability

CVE-2020-24741, Do not attempt to load a library relative to $PWD...

MGASA-2021-0510 Updated qt4 packages fix security vulnerability

CVE-2020-24741, Do not attempt to load a library relative to $PWD...

CVE-2021-38416 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed...

Delta Electronics DiaLink 代码问题漏洞

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

Trend Micro Apex One 代码问题漏洞

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. Trend Micro Apex One suffers from a code issue vulnerability that stems from the application allowing the inclusion of libraries from the...

Trend Micro Apex One 代码问题漏洞

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. Trend Micro Apex One suffers from a code issue vulnerability that stems from the application allowing the inclusion of libraries from the...

ruby:2.7 security, bug fix, and enhancement update

ruby 2.7.3-136 - Upgrade to Ruby 2.7.3. Resolves: rhbz1951999 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz1952000 2.7.2-135 - Upgrade to Ruby 2.7.2. - Avoid possible timeout errors in TestBugReportertestbugreporteradd. 2.7.1-133 ...