The vulnerability of the software for managing systems in the One-to-one Dell EMC OpenManage Server Administrator (OMSA) environment lies in insufficient validation of input data. This allows a malicious actor to trigger a service failure.

The vulnerability of the software for managing systems in the One-to-one Dell EMC OpenManage Server Administrator OMSA mode is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by loading malicious plugins or...

Famatech Advanced IP Scanner 代码问题漏洞

Famatech Advanced IP Scanner is a fast, powerful and easy-to-use IP scanner from Famatech. A code issue vulnerability exists in Famatech Advanced IP Scanner that stems from the loading of a Qt plugin from an insecure location when the application is using Qt, which could allow a local attacker to...

IMA Fails to Start with Error Code 2147483649

The IMA Service might sometimes fail with error code 2147483649. Failed to load plugins imapsss.dll, imaruntimess.dll, 80000001h...

SUSE CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service...

PT-2024-5009 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.6.9 and earlier Description: The issue is related to the unrestricted loading of plug-in files in OpenVPN on Windows. This allows an attacker to load an arbitrary plug-in, which can interact with the privileged OpenVPN...

OpenVPN 安全漏洞

OpenVPN is a software package for creating encrypted tunnels for virtual private networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

The vulnerability of the admin-center component of the i-doit Pro software, which is used for creating and managing inventory database systems, allows a hacker to execute arbitrary code.

The vulnerability of the admin-center component in the i-doit Pro IT infrastructure management tool is related to weak password requirements during account creation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by loading a malicious plugin remotely...

SUSE CVE-2011-3047

The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption by leveraging an error in the plug-in loading mechanism...

SUSE CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and outofprocessinstance.cc...

GHSA-JC69-HJW2-FM86 com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution

Impact A potential remote command execution issue exists within redshift-jdbc42 versions 2.1.0.7 and below. When plugins are used with the driver, it instantiates plugin instances based on Java class names provided via the sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback...

Parallels Access 代码问题漏洞

Parallels Access is a parallel access application from Parallels USA. enabling the fastest, easiest, and most reliable remote access to your computer from anywhere. A code issue vulnerability exists in Parallels Access Agent version 6.5.4 39316 that stems from This vulnerability allows a local...

The vulnerability of the QPluginLoader component in the cross-platform development framework for Qt software allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the QPluginLoader component in the cross-platform software development framework for Qt relates to the ability to load plugins from the working directory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and...

AZL-6837 CVE-2020-24742 affecting package qt5-qtsvg for versions less than 5.12.11-3

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files...

Qt QLibrary 安全漏洞

Qt QLibrary is a code framework and QLibrary is one of his libraries. A security vulnerability exists in Qt QLibrary versions prior to 5.14.0, which stems from QPluginLoader attempting to load a plugin relative to the working directory...

Qt QLibrary 安全漏洞

Qt QLibrary is a code framework and QLibrary is one of his libraries. A security vulnerability exists in Qt QLibrary versions prior to 5.14.1 and prior to 5.12.7, which stems from QLibrary attempting to load a plugin relative to a working directory...

DEBIAN-CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

CVE-2020-15592

SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes...

The vulnerability of the Ansible configuration management system lies in the lack of control over the path used to locate the configuration file ansible.cfg, which allows a attacker to execute arbitrary code.

The vulnerability of the Ansible configuration management system lies in the reading of the ansible.cfg file from the working directory. This file’s location can be altered, allowing the attacker to point it to a plugin or module that is under their control. Exploiting this vulnerability could...

(Pwn2Own) Huawei Reader Insecure Plugin Loading Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Huawei Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVE-2018-10170

NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...