Lucene search
K

272 matches found

OSV
OSV
added 2024/06/20 9:15 p.m.7 views

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path...

6.3CVSS5.5AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/20 12:0 a.m.4 views

SAMSUNG Magician PC Software Security Vulnerability

SAMSUNG Magician PC Software is an application from the South Korean company Samsung SAMSUNG. Designed to help manage Samsung SSDs. A security vulnerability exists in SAMSUNG Magician PC Software version 8.0.0. An attacker could exploit the vulnerability to elevate privileges by tampering with...

6.3CVSS6.7AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/15 10:31 a.m.15 views

CVE-2024-28099

VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

7.3AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 2024/04/15 10:31 a.m.59 views

CVE-2024-28099

CVE-2024-28099 affects VT STUDIO versions 8.32 and earlier. The root cause is an insecure DLL search path that may allow loading malicious DLLs, enabling arbitrary code execution with the application’s privileges. Reported across multiple sources (Red Hat, NVD, JVN/JVNVU, PT-Security, and others)...

7.8CVSS7.3AI score0.00188EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/03 8:15 a.m.26 views

CVE-2024-29734

Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

7.8CVSS7AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/03 7:11 a.m.32 views

CVE-2024-29734

Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...

7.2AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2024/04/03 7:11 a.m.61 views

CVE-2024-29734

CVE-2024-29734 (SonicDICOM Media Viewer) involves an uncontrolled DLL search path element in SonicDICOM Media Viewer 2.3.2 and earlier. The root cause is a DLL search path issue (CWE-427) that may lead to insecure loading of Dynamic Link Libraries, allowing arbitrary code to execute with the priv...

7.8CVSS7.2AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.4 views

PT-2024-3033 · Vt Studio · Vt Studio

Name of the Vulnerable Software and Affected Versions: VT STUDIO versions 8.32 and earlier Description: The issue is related to an uncontrolled element of the path search, which may lead to insecurely loading Dynamic Link Libraries. This could allow a remote attacker to execute arbitrary code wit...

10CVSS7.3AI score0.00188EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.5 views

SonicDICOM Media Viewer 安全漏洞

SonicDICOM Media Viewer is a software for viewing medical image files from SonicDICOM, Inc. A security vulnerability exists in SonicDICOM Media Viewer 2.3.2 and prior versions, which stems from a contained DLL search path issue that could lead to unsafe loading of dynamic link libraries...

7.8CVSS7.5AI score0.00188EPSS
Exploits0References3
NVD
NVD
added 2024/03/18 10:15 a.m.9 views

CVE-2024-1605

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries DLL from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for...

7.8CVSS6.5AI score0.00204EPSS
Exploits0References3
CVE
CVE
added 2024/03/18 9:59 a.m.74 views

CVE-2024-1605

CVE-2024-1605 affects BMC Control-M branches 9.0.20 and 9.0.21. On user login, the app loads all DLLs from a directory that has write/read access for all users, allowing potentially malicious libraries to load and execute with the application’s privileges. The CVE details indicate the vulnerabili...

7.8CVSS6.6AI score0.00491EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/03/18 9:59 a.m.24 views

CVE-2024-1605 DLL side-loading in BMC Control-M

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries DLL from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for...

6.6CVSS6.8AI score0.00204EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/18 9:59 a.m.11 views

CVE-2024-1605 DLL side-loading in BMC Control-M

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries DLL from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for...

6.6CVSS6.6AI score0.00491EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.5 views

PT-2024-20751 · Appsamvid · Appsamvid

Name of the Vulnerable Software and Affected Versions: AppSamvid affected versions not specified Description: The issue exists due to the usage of vulnerable and outdated components in the software. An attacker with local administrative privileges could exploit this by placing malicious DLLs on t...

6.3CVSS7.6AI score0.00175EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.4 views

PT-2024-1947 · Delta Electronics · Cncsoft-B Dopsoft

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft-B DOPSoft versions prior to 4.0.0.82 Description: The issue is related to the insecure loading of libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed...

7.8CVSS7.8AI score0.0039EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.7 views

The vulnerability of the SCADA system (formerly InduSoft Web Studio) AVEVA Edge, related to the loading of unreliable DLL libraries, allows a intruder to execute arbitrary code and increase their privileges.

The vulnerability of the SCADA system formerly InduSoft Web Studio AVEVA Edge relates to the loading of unreliable DLL libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...

7.3CVSS7.6AI score0.00193EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.5 views

The vulnerability of the user interface of Trend Micro Air Support’s customer support system allows a hacker to gain access to read, modify, or delete data, execute arbitrary code, and increase their privileges.

The vulnerability of the user interface of Trend Micro Air Support’s customer support system lies in the loading of unreliable DLL libraries. Exploiting this vulnerability can allow attackers to gain access to read, modify, or delete data, execute arbitrary code, and increase their privileges...

9.3CVSS7.5AI score0.00636EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/01/17 8:22 p.m.4 views

CVE-2024-22410 Binary Planting Attack on Windows Platforms in Creditcoin

Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...

3.3CVSS7.3AI score0.00219EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/17 12:0 a.m.5 views

PT-2024-19401 · Unknown · Creditcoin

Name of the Vulnerable Software and Affected Versions: Creditcoin affected versions not specified Description: The issue concerns the Windows binary of the Creditcoin node, which loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files...

7.8CVSS7.7AI score0.00219EPSS
Exploits0References6
NVD
NVD
added 2023/12/08 12:15 a.m.16 views

CVE-2023-6061

Rejected reason: This CVE ID has been rejected/withdrawn by its CVE Numbering Authority Palo Alto Networks based on discussions with Mitsubishi Electronics Corporation's PSIRT...

Exploits0
Rows per page
Query Builder