Unicorn Security Vulnerabilities

CVE-2023-29722

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker...

CVE-2023-29723

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is...

CVE-2021-4296

A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be...

CVE-2022-29694

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via...

CVE-2022-29695

Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine...

CVE-2022-29692

Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook...

CVE-2022-29693

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at...

CVE-2021-44078

An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2021-42134

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for...

CVE-2021-42053

The Unicorn framework through 0.35.3 for Django allows XSS via...

CVE-2021-36979

Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and...

CVE-2020-36431

Unicorn Engine 1.0.2 has an out-of-bounds write in...

CVE-2017-16131

unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...