Fortinet FortiClient 代码问题漏洞

FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance.FortiClient is vulnerable to an elevation of privilege...

Updated qt4 packages fix security vulnerability

CVE-2020-24741, Do not attempt to load a library relative to $PWD...

MGASA-2021-0510 Updated qt4 packages fix security vulnerability

CVE-2020-24741, Do not attempt to load a library relative to $PWD...

CVE-2021-38416 Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed...

Delta Electronics DiaLink 代码问题漏洞

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

Trend Micro Apex One 代码问题漏洞

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. Trend Micro Apex One suffers from a code issue vulnerability that stems from the application allowing the inclusion of libraries from the...

Trend Micro Apex One 代码问题漏洞

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. Trend Micro Apex One suffers from a code issue vulnerability that stems from the application allowing the inclusion of libraries from the...

ruby:2.7 security, bug fix, and enhancement update

ruby 2.7.3-136 - Upgrade to Ruby 2.7.3. Resolves: rhbz1951999 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz1952000 2.7.2-135 - Upgrade to Ruby 2.7.2. - Avoid possible timeout errors in TestBugReportertestbugreporteradd. 2.7.1-133 ...

CVE-2021-29949

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious...

ISaGRAF 代码问题漏洞

Rockwell Automation ISaGRAF is an automation software technology for creating integrated automation solutions from Rockwell Automation. It is designed to be scalable and portable and is suitable for the development of small controllers and large distributed automation systems. ISaGRAF suffers fro...

Adobe Genuine Service Code Issue Vulnerability

Adobe Genuine Service is a licensed software service from Adobe. A security vulnerability exists in Adobe Genuine Service 6.6 and earlier versions based on Window and macOS platforms, which stems from the program not loading libraries correctly. An attacker could exploit the vulnerability to...

Code injection

A vulnerability has been identified in LOGO! Soft Comfort All versions V8.4. The software insecurely loads libraries which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed...

Samsung SMR 安全漏洞

Samsung SMR is a system firmware from Samsung South Korea. It provides storage for system applications. A security vulnerability exists in SMR Mar-2021 Release 1 that allows an attacker to load arbitrary ELF libraries in the DSP. No details of the vulnerability are provided at this time...

Luxion KeyShot 安全漏洞

Luxion KeyShot is a software for designing photos of 3D scenes from Luxion USA. The software enables a real-time 3D rendering workflow that displays results immediately and reduces the time required to create photorealistic product photos. A security vulnerability exists in the Luxion KeyShot...

The vulnerability of the Cisco Proximity Desktop display software lies in its uncontrolled search path element, which allows a hacker to execute arbitrary code.

The vulnerability of the Cisco Proximity Desktop display software is related to an uncontrolled search path element. Exploiting this vulnerability could allow a attacker to execute arbitrary code during the loading of certain DLL libraries...

The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. shogo kumamaru of LAC Co.,Ltd reported this...

Epson Setupmanager Code Issue Vulnerability

Epson Setupmanager is a printer driver software from Epson Japan for Windows operating systems. A code issue vulnerability exists in the self-extracting file in version 2.2.1 of Epson Setupmanager, which could lead to unsafe loading of dynamic link libraries...

The vulnerability of the Adobe Lightroom Classic graphic editor lies in the ability to download a dynamic library that does not exist, allowing attackers to escalate their privileges.

The vulnerability of the Adobe Lightroom Classic graphic editor is related to the loading of a dynamic library that does not exist. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges in the context of the current user...

Windows Migration Assistant < 2.2.0.0 Arbitrary Code Execution (HT211186)

According to its self-reported version number, the version of Windows Migration Assistant installed on the remote host is prior to 2.2.0.0. It is, therefore, affected by an arbitrary code execution vulnerability due to a dynamic library loading issue. An unauthenticated, local attacker can exploi...

CVE-2020-16902

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then...