Lucene search
223 matches found

Snyk
added 2023/06/14 12:0 a.m. · 4 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to...

7.3 CVSS · 7.8 AI score · 0.00999 EPSS
Exploits 0 · References 2

Snyk
added 2023/06/14 12:0 a.m. · 3 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version...

7.3 CVSS · 7.6 AI score · 0.00999 EPSS
Exploits 0 · References 2

Snyk
added 2023/06/14 12:0 a.m. · 4 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm to...

7.3 CVSS · 7.6 AI score · 0.00999 EPSS
Exploits 0 · References 2

OSV
added 2023/03/08 12:30 p.m. · 3 views

GHSA-933G-V89R-X8PF Apache Dubbo vulnerable to Deserialization of Untrusted Data

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions...

9.8 CVSS · 5.9 AI score · 0.04847 EPSS
Exploits 3 · References 2

Positive Technologies
added 2023/03/08 12:0 a.m. · 6 views

PT-2023-3056 · Apache · Apache Dubbo

Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.7.21 and prior versions; Apache Dubbo versions 3.0.13 and prior versions; Apache Dubbo versions 3.1.5 and prior versions. Description: A deserialization vulnerability existed when dubbo generic invoke, which could lead to...

9.8 CVSS · 9.6 AI score · 0.04847 EPSS
Exploits 3 · References 15

SUSE CVE
added 2023/02/15 5:44 a.m. · 5 views

SUSE CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

9.3 CVSS · 6.9 AI score · 0.05086 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:36 a.m. · 4 views

SUSE CVE-2017-17523

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...

8.8 CVSS · 6.9 AI score · 0.02109 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:44 a.m. · 2 views

SUSE CVE-2021-28375

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308...

7.4 CVSS · 8.2 AI score · 0.00305 EPSS
Exploits 0 · References 18

RedHat Linux
added 2022/07/25 6:53 p.m. · 1 views

OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...

5.9 CVSS · 7.4 AI score · 0.02062 EPSS
Exploits 0 · References 4

OSV
added 2022/07/19 12:0 a.m. · 11 views

OSV-2022-588 Heap-use-after-free in wasmtime_runtime::externref::gc::hcbc8e23ae41614fa

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49171 Crash type: Heap-use-after-free WRITE 8 Crash state: wasmtime_runtime::externref::gc::hcbc8e23ae41614fa wasmtime_fuzzing::oracles::table_ops::$u7b$$u7b$closure$u7d$$u7d$::hd207e5ffb69...

7.2 AI score
Exploits 0 · References 1

ATTACKERKB
added 2022/07/16 7:15 p.m. · 6 views

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...

7.2 CVSS · 6.2 AI score · 0.01963 EPSS
Exploits 2 · References 4

Prion
added 2022/06/02 2:15 p.m. · 12 views

Authentication flaw

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

7.5 CVSS · 8.6 AI score · 0.01339 EPSS
Exploits 1 · References 3 · Affected Software 1

GithubExploit
added 2022/06/01 11:37 a.m. · 312 views

Exploit for CVE-2022-30190

CVE-2022-30190-follina Just another PoC for the new MSDT-Explo...

9.3 CVSS · 7.2 AI score · 0.99374 EPSS
Exploits 62

0day.today
added 2022/05/12 12:0 a.m. · 353 views

Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService) Exploit

Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService); Exploit Author: Netanel Cohen & Tomer Peled; Vendor Homepage: https://drfone.wondershare.net/; Software Link: https://download.wondershare.net/drfonefull4008.exe; Version: up to 12.0.7; Tested on: Windows 10; CVE :...

8.8 CVSS · 8.9 AI score · 0.20982 EPSS
Exploits 3

RedHat Linux
added 2022/05/10 1:58 p.m. · 2 views

kernel: use-after-free in the TEE subsystem

A use-after-free flaw in the Linux kernel TEE (Trusted Execution Environment) subsystem was found in the way user calls ioctl TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. If the Linux system non configured with t...

7 CVSS · 6.6 AI score · 0.007 EPSS
Exploits 2 · References 5

CNNVD
added 2022/04/08 12:0 a.m. · 5 views

ID withdrawn

Laravel, a web application framework from the Laravel Team Laravel, has a security vulnerability that stems from a vulnerability in 1 RoutingPendingResourceRegistration.php via destruct, 2 cal in QueueCapsuleManager.php and 3 the deserialization pop-up chain invoke in...

5.6 AI score
Exploits 2

ATTACKERKB
added 2022/02/17 10:15 p.m. · 7 views

CVE-2022-22916

O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /xprogramcenter/jaxrs/invoke...

9.8 CVSS · 7.9 AI score · 0.39927 EPSS
Exploits 2 · References 3

Prion
added 2022/02/17 10:15 p.m. · 12 views

Remote code execution

O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /xprogramcenter/jaxrs/invoke...

7.5 CVSS · 9.9 AI score · 0.39927 EPSS
Exploits 2 · References 2 · Affected Software 1

ATTACKERKB
added 2022/01/12 8:15 p.m. · 6 views

CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...

9 CVSS · 5.9 AI score · 0.01648 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/01/04 12:0 a.m. · 4 views

The vulnerability of the TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE system call implementations in Linux operating systems allows a malicious actor to trigger a service failure or increase their privileges.

The vulnerability of the TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE system call implementations in Linux operating systems is related to the use of uninitialized resources. Exploiting this vulnerability can allow an attacker to cause service failures or increase their privileges...

7 CVSS · 6.5 AI score · 0.007 EPSS
Exploits 2 · References 31 · Affected Software 5