CVE-2022-43310
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path...
Schneider Electric Uncontrolled Search Path Element in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25182)
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
Code injection
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x on Windows are affected by CVE-2020-25182 due to uncontrolled loading of dynamic libraries (DLL search path). This local, unauthenticated vulnerability could allow an attacker to execute arbitrary code by manipulating the dynamic library lo...
CVE-2020-25182 Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
PT-2022-17244 · Unknown · Cryptomator
Name of the Vulnerable Software and Affected Versions: Cryptomator versions 1.6.5 and earlier. Description: The issue allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and...
The vulnerability of the library for viewing, printing, rendering, creating, and processing PDF files. The PDFTron SDK is software for modeling, designing, and drafting in AutoCAD. This vulnerability relates to errors in the mechanism for checking the search path for dynamically loaded libraries, allowing a perpetrator to execute arbitrary code.
The vulnerability of the library for viewing, printing, rendering, creating, and processing PDF files is related to errors in the mechanism for checking the path to dynamically linked libraries (DLLs). Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a...
CVE-2021-27046
A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files...
OpenVPN Code Issue Vulnerability
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
The vulnerability of the McAfee Total Protection download client allows a hacker to execute arbitrary code.
The vulnerability of the McAfee Total Protection antivirus protection software’s download process is related to the use of an unreliable search path during the download of dynamic DLL libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code...
PT-2021-7832 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x. Description: The issue is related to the uncontrolled loading of dynamic libraries by Rockwell Automation ISaGRAF Runtime, which could allow a local, unauthenticated attacker to...
CVE-2021-27028
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files...
The vulnerability of the McAfee Data Loss Prevention Endpoint software for Windows, related to insecure management of privileges, allows a perpetrator to execute DLL libraries.
The vulnerability of the McAfee Data Loss Prevention Endpoint software for Windows relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to load DLL libraries using specially crafted IOCTL calls...
Adobe Dreamweaver 20.2.0 < 20.2.1 / 21.0 < 21.1 Information disclosure (APSB21-13)
The version of Adobe Dreamweaver installed on the remote Windows host is prior to 20.2.1, 21.1. It is, therefore, affected by a vulnerability as referenced in the APSB21-13 advisory. - Adobe Dreamweaver versions 21.0 and earlier and 20.2 and earlier are affected by an untrusted search path...
CVE-2020-25245
A vulnerability has been identified in DIGSI 4 All versions V4.94 SP1 HF 1. Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for DLLs, an attacker could place DLLs there with code executed by SYSTEM...
The vulnerability of the ColdFusion software platform, related to incorrect handling of the path to libraries’ DLL files, allows attackers to escalate their privileges.
The vulnerability of the ColdFusion software platform is related to incorrect handling of the path for accessing DLL libraries used by the embedded component. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to execute arbitrary code.
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client software is related to errors in the mechanism for checking the path to dynamically attached libraries. Exploiting this vulnerability can allow an attacker to execute...
The vulnerability of the graphical programming extension for Dynamo BIM lies in errors during the checking of the paths for loading dynamic libraries. This allows attackers to execute arbitrary code.
The vulnerability of Dynamo BIM’s graphical programming interface relates to errors in checking the path of dynamically loaded libraries. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2020-4545
IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitra...
Foxit Reader 3.1.0.0111 < 3.2 Privilege Escalation (macOS)
The version of Foxit Reader for Mac installed on the remote macOS host is 3.1.0.0111. It is, therefore, affected by a privilege escalation vulnerability due to incorrect permission setting. An attacker could exploit this by modifying the dynamic libraries in the Plugins directory. Note that Nessu...