CVE-2022-48225

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute with elevated privileges multiple non-existent DLLs...

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

CVE-2022-43310

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path...

Ricoh Device Software Manager 代码问题漏洞

Ricoh Device Software Manager is a device software manager from Ricoh Japan. A security vulnerability exists in Ricoh Device Software Manager, which arises from the possibility that the installer may load unsafe dynamic link libraries...

Vulnerabilities fixed in Scooter Software Beyond Compare

Vulnerabilities have been fixed in Scooter Software Beyond Compare. The vulnerabilities allow a malicious person to execute arbitrary execute arbitrary code under the SYSTEM user's privileges and the obtain elevated user privileges. For the vulnerability with attribute CVE-2022-36414, it is only...

CVE-2022-31467

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature...

Schneider Electric Uncontrolled Search Path Element in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25182)

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

CVE-2022-29047

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...

Code injection

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

CVE-2020-25182

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x on Windows are affected by CVE-2020-25182 due to Uncontrolled loading of dynamic libraries (DLL search path). This local, unauthenticated vulnerability could allow an attacker to execute arbitrary code by manipulating the dynamic library lo...

CVE-2020-25182 Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

CVE-2020-25182 Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...

KINGSOFT WPS Presentation 代码问题漏洞

KINGSOFT WPS Presentation is an application from the Chinese company KINGSOFT. It is used to create presentations. A code issue vulnerability exists in KINGSOFT WPS Presentation version 11.8.0.5745, which stems from the application loading DLL libraries in an insecure manner. A remote attacker...

PT-2022-17244 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator versions 1.6.5 and earlier Description: The issue allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and...

The vulnerability of the library for viewing, printing, rendering, creating, and processing PDF files. The PDFTron SDK is software for modeling, designing, and drafting in AutoCAD. This vulnerability relates to errors in the mechanism for checking path searching for dynamically attached libraries, allowing a perpetrator to execute arbitrary code.

The vulnerability of the library for viewing, printing, rendering, creating, and processing PDF files is related to errors in the mechanism for checking the path to dynamically linked libraries DLLs. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a...

CVE-2021-27046

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files...

OpenVPN代码问题漏洞

OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

The vulnerability of the McAfee Total Protection download client allows a hacker to execute arbitrary code.

The vulnerability of the McAfee Total Protection antivirus protection software’s download process is related to the use of an unreliable search path during the download of dynamic DLL libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code...

TeamViewer 代码问题漏洞

Teamviewer TeamViewer is a suite of software for remote control, desktop sharing and file transfer from TeamViewer Teamviewer, a German company. A security vulnerability exists in versions prior to TeamViewer 14.7.48644 that stems from the program loading untrustworthy dlls under certain...

Palo Alto Networks Cortex XDR Agent 代码问题漏洞

Palo Alto Networks Cortex XDR Agent is a client software from Palo Alto Networks Malaysia used to check the security of client devices. A code issue vulnerability exists in Cortex XDR Agent that originates from the application loading DLL libraries in an insecure manner. A local user, with the...