Lucene search
+L

274 matches found

jvn
jvn
added 2020/12/18 7:47 a.m.3 views

Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Overview Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

9.3CVSS7AI score0.00866EPSS
Exploits0References6
cnnvd
cnnvd
added 2020/12/18 12:0 a.m.6 views

Epson Setupmanager Code Issue Vulnerability

Epson Setupmanager is a printer driver software from Epson Japan for Windows operating systems. A code issue vulnerability exists in the self-extracting file in version 2.2.1 of Epson Setupmanager, which could lead to unsafe loading of dynamic link libraries...

9.3CVSS7.2AI score0.00866EPSS
Exploits0References4
jvn
jvn
added 2020/11/20 6:39 a.m.3 views

The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Overview The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

7.8CVSS7.1AI score0.00341EPSS
Exploits0References6
jvn
jvn
added 2020/11/20 12:0 a.m.54 views

JVN#26835001: The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...

7.8CVSS7.5AI score0.00341EPSS
Exploits0
ics
ics
added 2020/10/24 12:0 p.m.29 views

Emotet Malware

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency CISA and the Multi-State...

9.6AI score
Exploits0References85
threatpost
threatpost
added 2020/10/19 5:5 p.m.33 views

Overlay Malware Targets Windows Users with a DLL Hijack Twist

Brazilians are being warned of a new overlay malware targeting Windows users in order to siphon victims’ financial data and drain their bank accounts. Researchers say what the malware, dubbed Vizom, lacks in sophistication it makes up for in its creative abuse of the Windows ecosystem. Trusteer, ...

1.3AI score
Exploits0References3
osv
osv
added 2020/09/03 5:15 p.m.3 views

CVE-2020-24162

The Shenzhen Tencent app 5.8.2.5300 for PC platforms from Tencent App Center has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code...

7.8CVSS7.2AI score0.00403EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2020/07/31 12:0 a.m.6 views

The vulnerability of the installation file of the Kaspersky Security Center allows a perpetrator to increase their privileges.

The vulnerability of the installation file of the Kaspersky Security Center antivirus software is related to errors in the mechanism for checking the path to dynamically linked libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...

8.8CVSS5.5AI score
Exploits0References1Affected Software1
osv
osv
added 2020/06/30 2:15 p.m.2 views

CVE-2019-19161

CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification...

7.2CVSS7.1AI score0.01144EPSS
Exploits0References2
osv
osv
added 2020/05/14 9:15 p.m.5 views

CVE-2020-10616

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts...

8.8CVSS7.4AI score0.01746EPSS
Exploits0References1
cnvd
cnvd
added 2020/04/14 12:0 a.m.3 views

Cool Music is vulnerable to dll hijacking

Cool Music is an online digital music platform. A dll hijacking vulnerability exists in CoolMusic, which can be exploited by an attacker to load an untrusted dynamic link library for command execution...

7.3AI score
Exploits0
osv
osv
added 2020/03/15 10:15 p.m.6 views

CVE-2020-9290

An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading...

7.8CVSS6.7AI score0.00604EPSS
Exploits0References1
cnvd
cnvd
added 2019/12/25 12:0 a.m.1 views

Good Pressure is vulnerable to DLL hijacking

Good Pressure is a completely free new generation of compression software under 2345. Goodpress has a dll hijacking vulnerability, which can be exploited by attackers to load malicious dlls and execute malicious code...

7.1AI score
Exploits0
cnvd
cnvd
added 2019/11/27 12:0 a.m.2 views

STAMP Workbench Installer Code Issue Vulnerability

STAMP Workbench is a modeling tool that supports support for STAMP Systems Theory Accident Models and Processes/STPA Systems Theory Process Analysis. A code issue vulnerability exists in the STAMP Workbench installer that can be exploited by an attacker to cause unsafe loading of dynamic link...

7.8CVSS7.1AI score0.00755EPSS
Exploits0References1
jvn
jvn
added 2019/11/26 12:0 a.m.40 views

JVN#19386781: STAMP Workbench installer may insecurely load Dynamic Link Libraries

STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading...

7.8CVSS7.7AI score0.00755EPSS
Exploits0
nessus
nessus
added 2019/07/12 12:0 a.m.64 views

Cisco Jabber for Windows DLL Preloading Vulnerability (cisco-sa-20190703-jabber-dll)

According to its self-reported version, Cisco Jabber for Windows is affected by a vulnerability in the loading mechanism of specific dynamic link libraries due to insufficient validation of the resources loaded by the application at run time. An authenticated, local attacker can exploit this to...

9.3CVSS7.9AI score0.02195EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2019/07/04 7:50 p.m.10 views

CVE-2019-1855 Cisco Jabber for Windows DLL Preloading Vulnerability

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The...

7.3CVSS7.4AI score0.02195EPSS
Exploits0References2
threatpost
threatpost
added 2019/06/28 8:5 p.m.20 views

New Dridex Variant Slips By Anti-Virus Detection

Researchers have spotted a variant of the Dridex banking trojan with new obfuscation capabilities that help it skirt anti-virus detection. While Dridex has been around since 2011, researchers told Threatpost Friday that they recently spotted phishing emails distributing a never-before-seen varian...

0.8AI score
Exploits0References5
osv
osv
added 2019/05/28 10:29 p.m.5 views

CVE-2019-5589

An Unsafe Search Path vulnerability in FortiClient Online Installer Windows version before 6.0.6 may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files...

7.8CVSS7.5AI score0.02613EPSS
Exploits0References1
jvn
jvn
added 2019/05/10 5:55 a.m.2 views

Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries

Overview Electronic reception and examination of application for radio licenses Offline contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running software. Solution Upda...

7.8CVSS6.9AI score0.00944EPSS
Exploits0References6
Rows per page
Query Builder