118 matches found
About the security content of iTunes 12.10.2 for Windows
About the security content of iTunes 12.10.2 for Windows This document describes the security content of iTunes 12.10.2 for Windows. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
Apple Mac OS X Security Updates (HT210722)-01
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the dynamic library loading mechanism in the Cisco Jabber for Windows multimedia corporate messaging system allows a hacker to execute arbitrary code with the privileges of another user’s account.
The vulnerability of the dynamic library loading mechanism in the Cisco Jabber for Windows multimedia corporate messaging system is related to insufficient checking of resources loaded by the application. Exploiting this vulnerability allows a perpetrator to execute arbitrary code with the...
The vulnerability of the synchronization identifier application in the Cisco Directory Connector lies in errors in the path validation mechanism, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of the application for synchronizing identifiers in the Cisco Directory Connector is related to errors in the mechanism for checking the path of dynamically attached libraries. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
CVE-2018-16156
In PaperStream IP TWAIN 1.42.0.5685 Service Update 7, the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkicFjicube32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes...
The vulnerability of the NormaCS automation tool for working with regulatory documents allows a violator to execute any code they desire.
The vulnerability of the NormaCS tool for automating the processing of regulatory documents is related to the use of the MFC library set. It arises due to deficiencies in the restriction on the searchable range of dynamically loaded libraries. Exploiting this vulnerability could allow a malicious...
The installer of Windows10 Fall Creators Update Modify module for Security Measures tool may insecurely load Dynamic Link Libraries
Overview The installer of Windows10 Fall Creators Update Modify module for Security Measures tool provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon...
CVE-2018-8090
Quick Heal Total Security 64 bit 17.00 QHTS64.exe, QHTSFT64.exe - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 QHTS32.exe, QHTSFT32.exe - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 QHIS64.exe, QHISFT64.exe - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17....
The vulnerability of the DLL-file loading mechanism of the cryptographic protection tool ViPNet Coordinator, which allows a hacker to execute arbitrary code with administrator privileges.
The vulnerability of the DLL file loading mechanism of the cryptographic protection tool ViPNet Coordinator is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary code with administrator privileges using a specially crafted DLL file...
CVE-2018-6461
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...
The vulnerability of the TRIE component of the Windows operating system, allowing a hacker to execute arbitrary code
The vulnerability of the TRIE component in the Windows operating system is related to errors that occur during the loading of DLL files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted DLL files...
The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
Overview Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and Shun Suza...
CVE-2017-12314
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to...
CVE-2017-13676
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a...
Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries
Overview The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of...
Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries
Overview Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to...
Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries
Overview Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated wit...
About the security content of iCloud for Windows 6.0.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
CVE-2016-7275
Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
About the security content of iCloud for Windows 6.0.1
About the security content of iCloud for Windows 6.0.1 This document describes the security content of iCloud for Windows 6.0.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...