832 matches found

CVE
added 2025/03/04 3:41 p.m. · 1363 views

CVE-2024-11957

Kingsoft WPS Office on Windows is affected by CVE-2024-11957 due to improper verification of the digital signature in ksojscore.dll, with affected versions 12.1.0.18276 and earlier. This allows loading of arbitrary Windows libraries. The patch released in 12.2.0.16909 to address CVE-2024-7262 was...

CVSS 9.3 · AI score 7.7 · EPSS 0.00104
Exploits 0 · References 1
CVE
added 2025/02/18 6:33 a.m. · 44 views

CVE-2024-57964

The CVE-2024-57964 entry concerns the HVAC Energy Saving Program, where insecure loading of Dynamic Link Libraries is the root cause. The vulnerability can allow a local attacker to disclose information or execute arbitrary code on affected systems, with a CVSS v3.1 base score of 7.3 (HIGH) and...

CVSS 7.3 · AI score 7 · EPSS 0.00162
Exploits 0 · References 1
CNNVD
added 2025/02/18 12:00 a.m. · 2 views

Hitachi HVAC Energy Saving Program security vulnerability

Hitachi HVAC Energy Saving Program is an energy-saving program from Hitachi, Ltd. of Japan. A security vulnerability exists in Hitachi HVAC Energy Saving Program that originates from unsafe loading of a dynamic link library, which could lead to local code execution or information...

CVSS 7.3 · AI score 6.8 · EPSS 0.00162
Exploits 0 · References 2
Positive Technologies
added 2025/02/18 12:00 a.m. · 2 views

PT-2025-6762 · Unknown · Hvac Energy Saving Program

Name of the Vulnerable Software and Affected Versions: HVAC Energy Saving Program (affected versions not specified). Description: A discovery has been made of an insecure loading of dynamic link libraries in the HVAC Energy Saving Program, which could allow local attackers to potentially disclose...

CVSS 7.3 · AI score 7.6 · EPSS 0.00162
Exploits 0 · References 6
OSV
added 2024/12/19 2:15 a.m. · 1 view

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVSS 7.8 · AI score 5.9
Exploits 0 · References 1
Cvelist
added 2024/12/19 1:39 a.m. · 22 views

CVE-2022-27595 QVPN Device Client

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVSS 7.8 · EPSS 0.00163
Exploits 0 · References 1
CVE
added 2024/12/19 1:39 a.m. · 56 views

CVE-2022-27595

CVE-2022-27595 corresponds to an insecure library loading vulnerability in QNAP’s QVPN Device Client. Multiple connected sources consistently state that a local attacker who already has user access can exploit this issue to execute unauthorized code or commands on affected systems. The problem is...

CVSS 7.8 · AI score 7.1 · EPSS 0.00163
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/12/19 12:00 a.m. · 2 views

QVPN Device Client code issue vulnerability

QNAP Systems QVPN Device Client is client software from China Weilian Technology (QNAP Systems) that is used to manage connections to VPN servers running on QNAP devices. A code issue vulnerability exists in QVPN Device Client that stems from an insecure library loading vulnerability that allows ...

CVSS 7.8 · AI score 6.9 · EPSS 0.00163
Exploits 0 · References 1
Tenable Nessus
added 2024/10/21 12:00 a.m. · 16 views

Adobe After Effects < 16.1.2 (APSB19-31)

The version of Adobe After Effects installed on the remote Windows host is prior to 16.1.2. It is, therefore, affected by a vulnerability as referenced in the APSB19-31 advisory. - Adobe After Effects versions 16 and earlier have an insecure library loading dll hijacking vulnerability. Successful...

CVSS 7.8 · AI score 7.9 · EPSS 0.03205
Exploits 0 · References 2
Tenable Nessus
added 2024/10/21 12:00 a.m. · 15 views

Adobe Animate 20.x < 20.0.0 A Vulnerability (APSB19-34)

The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 20.0.0. It is, therefore, affected by a vulnerability as referenced in the apsb19-34 advisory. - Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading dll hijacking vulnerability...

CVSS 7.8 · AI score 7.5 · EPSS 0.00777
Exploits 0 · References 2
Tenable Nessus
added 2024/10/21 12:00 a.m. · 15 views

Adobe Illustrator < 24.0 Multiple Vulnerabilities (APSB19-36)

The version of Adobe Illustrator installed on the remote Windows host is prior to 24.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-36 advisory. - Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation...

CVSS 10 · AI score 9.5 · EPSS 0.03985
Exploits 0 · References 5
Tenable Nessus
added 2024/10/21 12:00 a.m. · 14 views

Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20) (macOS)

The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-20 advisory. - Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The...

CVSS 10 · AI score 8.9 · EPSS 0.08496
Exploits 0 · References 10
Tenable Nessus
added 2024/10/21 12:00 a.m. · 16 views

Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20)

The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-20 advisory. - Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The...

CVSS 10 · AI score 9.3 · EPSS 0.08496
Exploits 0 · References 10
BDU FSTEC
added 2024/10/09 12:00 a.m. · 3 views

The vulnerability of the Rockwell Automation Emulate3D software for virtual modeling of equipment and manufacturing processes lies in improper external control of file names or file paths, allowing a hacker to execute arbitrary code.

The vulnerability of the Rockwell Automation Emulate3D software for virtual modeling of equipment and manufacturing processes is related to improper external manipulation of file names or DLL files during library loading. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 6.7 · AI score 5.8 · EPSS 0.00219
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/10/04 3:34 p.m. · 3 views

CLSA-2024-1728056039 gtk3: Fix of CVE-2024-6655

CVE-2024-6655: fix loading library from untrusted search path...

CVSS 7 · AI score 7.1 · EPSS 0.00464
Exploits 0 · References 1
OSV
added 2024/08/15 3:15 p.m. · 1 view

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

CVSS 7.8 · AI score 7.5 · EPSS 0.00387
Exploits 0 · References 1
NVD
added 2024/08/15 3:15 p.m. · 56 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

CVSS 9.3 · EPSS 0.01759
Exploits 0 · References 2
Positive Technologies
added 2024/08/02 12:00 a.m. · 4 views

PT-2024-29000 · Changing Information Technology · Tcbservisign

Name of the Vulnerable Software and Affected Versions: TCBServiSign Windows Version from CHANGING Information Technology (affected versions not specified). Description: The issue concerns improper validation of server-side input in a specific API. This allows unauthenticated remote attackers to caus...

CVSS 8.8 · AI score 7.3 · EPSS 0.00532
Exploits 0 · References 4
RedHat Linux
added 2024/07/15 4:10 p.m. · 3 views

ghostscript: OPVP device arbitrary code execution via custom Driver library

A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...

CVSS 8.8 · AI score 6.2 · EPSS 0.01425
Exploits 0 · References 4
RedHat Linux
added 2024/07/15 1:14 p.m. · 4 views

ghostscript: OPVP device arbitrary code execution via custom Driver library

A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...

CVSS 8.8 · AI score 6.2 · EPSS 0.01425
Exploits 0 · References 4