The vulnerability of the application software interface of the JumpServer system for auditing security operations and maintenance allows a perpetrator to bypass passwords.

The vulnerability of the application software interface of the JumpServer security audit system for operation and maintenance involves insufficient protection of operational data during the loading of external libraries. Exploiting this vulnerability allows a malicious actor to remotely reset...

CLSA-2023-1691576279 Fix CVE(s): CVE-2023-38408

SECURITY UPDATE: helper programs can dlopen/dlclose any libraries from /usr/lib - debian/patches/CVE-2023-38408-Ensure-FIDO-PKCS11-libraries-contain-expect.patch: checks libraries before dlopen - debian/patches/CVE-2023-38408-Separate-ssh-pkcs11-helpers-for-each-p11-mo.patch: separate...

Exploit for CVE-2023-38820

DLL-Planting-Slack-4.33.73-CVE-2023-38820 DLL Planting in the...

PT-2023-3970 · Unknown · Qvpn Device Client

Name of the Vulnerable Software and Affected Versions: QVPN Device Client versions prior to 2.0.0.1310 QVPN Device Client versions prior to 2.0.0.1316 Description: The issue is related to an insecure library loading vulnerability. If exploited, it could allow local attackers who have gained user...

The vulnerability of the application development environment for ISaGRAF programmable logic controllers arises from the use of an unreliable search path during the loading of dynamic libraries. This allows a hacker to execute arbitrary code.

The vulnerability in the application development environment for ISaGRAF Runtime Rockwell Automation relates to the use of an unreliable search path during the loading of dynamic libraries. Exploiting this vulnerability allows a local attacker to execute arbitrary code...

Privilege escalation

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40208...

Qualys Cloud Agent 代码问题漏洞

Qualys Cloud Agent is a lightweight application from Qualys USA, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent versions prior to 4.5.3.1, which stems from a malicious copy of the Dependency Link Library DLL that allows an...

Trend Micro Security 代码问题漏洞

Trend Micro Security is an antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Security that stems from the presence of a DLL hijacking vulnerability that could result in unsafe loading of dynamic link libraries. Affected products and versions: Trend Micro Security...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE by allowing an attacker to load a runtime DLL from an unexpected location. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.16, 7.0.5 or higher. References - Advisory - GitHub Commit -...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVE-2022-28686

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVE-2022-28687

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

PT-2023-1883 · Mcafee · Mcafee Total Protection

Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.49 Description: The issue is related to an uncontrolled search path element in McAfee Total Protection, which can be exploited to elevate user privileges due to DLL sideloading. This could enable...

SUSE CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the 1 PERLLIB, 2 PERL5LIB, and 3 PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

SUSE CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

SUSE CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

SUSE CVE-2010-3375

qtparted has insecure library loading which may allow arbitrary code execution...

PT-2023-32946 · Unknown · Artemis Java Test Sandbox

Name of the Vulnerable Software and Affected Versions: Artemis Java Test Sandbox versions prior to 1.11.2 Description: The issue allows an attacker to escape the sandbox by loading untrusted libraries using System.load or System.loadLibrary. This can lead to arbitrary Java code execution when a...

Exploit for CVE-2019-16253

K0mraid3s-System-Shell Way back in 2019, a vulnerability that...