832 matches found
ghostscript: OPVP device arbitrary code execution via custom Driver library
A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...
CVE-2024-5509
Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target mus...
PT-2024-5609 · Dell · Dell Peripheral Manager
Name of the Vulnerable Software and Affected Versions: Dell Peripheral Manager versions prior to 1.7.6 Description: The issue is related to an uncontrolled search path element in the Dell Peripheral Manager software. This could allow an attacker to potentially exploit the vulnerability through...
PT-2024-10875 · B&R · Automation Studio
Name of the Vulnerable Software and Affected Versions: B&R Automation Studio versions 4.0 through 4.11 Description: The issue is related to improper DLL loading algorithms, which may allow an authenticated local attacker to execute code in the context of the product with elevated privileges...
UBUNTU-CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
CVE-2023-44438
Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit...
CVE-2023-44438
CVE-2023-44438 concerns Ashlar-Vellum Argon, a CAD/3D modeling tool. The vulnerability stems from how Argon parses various file types, loading a library from an unsecured location, which enables remote code execution with the attacker’s code running in the context of the target process. Exploitat...
A vulnerability in the seccenter.exe configuration file of antivirus protection tools such as Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, and Bitdefender Antivirus Free allows an attacker to escalate privileges or execute arbitrary code.
The vulnerability in the seccenter.exe configuration file used by antivirus protection software such as Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, and Bitdefender Antivirus Free is related to errors in system settings or configuration. Exploiting this...
PT-2024-22489 · Axigen · Axigen Mail Server
Name of the Vulnerable Software and Affected Versions: Axigen Mail Server for Windows versions 10.5.18 and before Description: An issue was discovered in Axigen Mail Server for Windows, allowing local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL...
Keyence VT STUDIO Security Vulnerability
Keyence VT STUDIO is a software used by Keyence China to configure and monitor its vision inspection systems. A security vulnerability exists in Keyence VT STUDIO version 8.32 and prior versions, which stems from a DLL loading error. The vulnerability can be exploited by an attacker to execute...
A vulnerability in the Microsoft Exchange Server mail server, related to an uncontrolled search path element, allows attackers to execute arbitrary code.
The vulnerability in Microsoft Exchange Server is related to an uncontrolled element in the DLL loading process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
VulnCheck KEV: CVE-2024-7262
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...
Delta Electronics CNCSoft Code Issue Vulnerability
Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics, Taiwan, China. The software provides high-performance motion control, rich human-machine interface functions, user-friendly operation, high stability to meet the needs of high-speed cutting, and good...
CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
CVE-2024-23681
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...
CVE-2023-41780
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges...
Apache Hadoop allows local user to gain root privileges
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...
PT-2023-7085 · Ashlar Vellum · Ashlar-Vellum Argon
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Argon affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required, as the target must visit a malicious...
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...