4054 matches found

Prion
added 2022/06/30 4:15 p.m. · 13 views

Authentication flaw

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

CVSS 2.1 · AI score 4.8 · EPSS 0.0035
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2022/06/30 3:17 p.m. · 62 views

CVE-2022-1955

CVE-2022-1955 affects the Session app (version 1.13.0). The root cause described across sources is a lack of adequate security controls to prevent dynamic code manipulation, enabling an attacker with physical access to bypass the password/pin lock and access user data. Public details in the docum...

CVSS 4.6 · AI score 4.7 · EPSS 0.0035
Exploits: 1 · References: 3 · Affected Software: 1
Microsoft Malware Protection
added 2022/06/30 2:0 p.m. · 18 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

AI score 6.8
Exploits: 0
Microsoft Secure
added 2022/06/30 2:0 p.m. · 25 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

AI score 6.8
Exploits: 0
The Hacker News
added 2022/06/28 11:0 a.m. · 24 views

Overview of Top Mobile Security Threats in 2022

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startu...

AI score 7.4
Exploits: 0
NVD
added 2022/06/02 6:15 p.m. · 11 views

CVE-2022-1716

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

CVSS 4.6 · EPSS 0.00415
Exploits: 1 · References: 2
Prion
added 2022/06/02 6:15 p.m. · 15 views

Authentication flaw

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

CVSS 2.1 · AI score 4.8 · EPSS 0.00415
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/06/02 12:0 a.m. · 3 views

PT-2022-14068 · Unknown · Keep My Notes

Name of the Vulnerable Software and Affected Versions: Keep My Notes version 1.80.147 Description: The issue allows an attacker with physical access to the victim's device to bypass the application's password/pin lock, accessing user data due to inadequate security controls that fail to prevent...

CVSS 4.6 · AI score 4.6 · EPSS 0.00415
Exploits: 1 · References: 5
Github Security Blog
added 2022/05/24 4:51 p.m. · 20 views

Dolibarr ERP and CRM Code Injection

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...

CVSS 8.5 · AI score 7.6 · EPSS 0.02236
Exploits: 1 · References: 5 · Affected Software: 1
ThreatPost
added 2022/05/10 12:24 a.m. · 25 views

Low-rent RAT Worries Researchers

For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...

AI score 7.7
Exploits: 0 · References: 1
RedHat Linux
added 2022/04/11 2:38 p.m. · 1 views

Mozilla: Incorrect AliasSet used in JIT Codegen

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability, this could have been used for an out-of-bounds memory read...

CVSS 6.5 · AI score 7.3 · EPSS 0.00759
Exploits: 1 · References: 4
OSV
added 2021/12/20 9:15 p.m. · 2 views

CVE-2021-42809

Improper Access Control of Dynamically-Managed Code Resources DLL in Thales Sentinel Protection Installer could allow the execution of arbitrary code...

CVSS 7.8 · AI score 7.3 · EPSS 0.00294
Exploits: 0 · References: 1
CNNVD
added 2021/12/20 12:0 a.m. · 1 views

Thales Sentinel Protection Installer Access Control Error Vulnerability

Thales Group Thales Sentinel Protection Installer is an integrated installer from Thales Group, France. The Thales Sentinel Protection Installer suffers from an access control error vulnerability that stems from improper access control to dynamically managed code resources DLLs in the Thales...

CVSS 7.8 · AI score 7.8 · EPSS 0.00294
Exploits: 0 · References: 2
Ivan 'd0znpp' Novikov
added 2021/10/07 2:46 p.m. · 56 views

What is RCE (Remote code execution) attack ❓ Prevention methods

What is Remote Code Execution? Remote Code Execution or execution, also known as Arbitrary Code Execution, is a concept that describes a form of cyberattack in which the attacker can solely command the operation of another person’s computing device or computer. RCE takes place when malicious...

AI score 0.3
Exploits: 0
OSV
added 2021/08/02 5:15 p.m. · 3 views

CVE-2021-22387

There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to remotely execute commands...

CVSS 9.8 · AI score 5.9 · EPSS 0.00946
Exploits: 0 · References: 1
OSV
added 2021/04/13 3:30 p.m. · 32 views

GHSA-W8H4-VW8F-RVVJ Improper Control of Dynamically-Managed Code Resources in config-shield

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

CVSS 5.3 · AI score 5.3 · EPSS 0.01207
Exploits: 1 · References: 4
Fedora
added 2021/01/05 1:27 a.m. · 87 views

[SECURITY] Fedora 33 Update: python-py-1.10.0-1.fc33

The py lib is a Python development support library featuring the following tools and modules: py.path: uniform local and svn path objects py.apipkg: explicit API control and lazy-importing py.iniconfig: easy parsing of .ini files py.code: dynamic code generation and introspection py.path: uniform...

CVSS 7.5 · AI score 2.9 · EPSS 0.04607
Exploits: 0
Fedora
added 2021/01/05 1:19 a.m. · 89 views

[SECURITY] Fedora 32 Update: python-py-1.10.0-1.fc32

The py lib is a Python development support library featuring the following tools and modules: py.path: uniform local and svn path objects py.apipkg: explicit API control and lazy-importing py.iniconfig: easy parsing of .ini files py.code: dynamic code generation and introspection py.path: uniform...

CVSS 7.5 · AI score 2.9 · EPSS 0.04607
Exploits: 0
OSV
added 2020/07/15 1:15 p.m. · 2 views

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

CVSS 4.4 · AI score 5.8
Exploits: 0 · References: 1
Prion
added 2020/07/15 1:15 p.m. · 13 views

Design/Logic Flaw

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

CVSS 2.1 · AI score 5 · EPSS 0.00281
Exploits: 0 · References: 1 · Affected Software: 1