40 matches found
BasicSR 安全漏洞
BasicSR is an open source image and video recovery toolkit from XPixelGroup Open Source. A security vulnerability exists in XPixelGroup BasicSR 1.4.2 and earlier versions that stems from a vulnerability that could allow native code execution under certain circumstances...
Rizin 安全漏洞
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...
Lorex 2K Indoor Wi-Fi Security Camera 安全漏洞
Lorex 2K Indoor Wi-Fi Security Camera is a series of security cameras from Lorex Canada. A security vulnerability previously existed in Lorex 2K Indoor Wi-Fi Security Camera version 2.800.0000000.8.R.20241111. An attacker exploiting this vulnerability could execute arbitrary operating system...
PAX Technology A920 Injection Vulnerability
PAX Technology A920 is an Android mobile payment terminal from PAX Technology. The PAX Technology A920 suffers from a security vulnerability that originates from a version checking error, which can be exploited by an attacker to steer the loader to downgrade to a vulnerable version, leading to...
CVE-2023-41898
CVE-2023-41898 affects the Home Assistant Companion for Android (up to version 2023.8.2). The vulnerability is arbitrary URL loading in a WebView, enabling arbitrary JavaScript execution, limited native code execution, and credential theft. It has been patched in version 2023.9.2; all users shoul...
Home Assistant Code Injection Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.9.2 that stems from an arbitrary URL loading issue in WebView. An attacker can exploit the...
JetBrains IntelliJ IDEA 代码注入漏洞
Jetbrains JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company Jetbrains. A security vulnerability exists in JetBrains IntelliJ IDEA 2022.2 and earlier versions, which stems from the possibility that an attacker could execute native...
Jetbrains Rider 代码注入漏洞
JetBrains Rider is a cross-platform integrated development environment IDE from Czech company Jetbrains. versions prior to JetBrains Rider 2022.1 contain a code injection vulnerability that could be exploited by attackers to execute native code via a link in the ReSharper quick documentation...
Jetbrains JetBrains IntelliJ IDEA 代码注入漏洞
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains, a Czech company.A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which stems from the execution of native code via a link in Quick...
Jetbrains IntelliJ IDEA 代码注入漏洞
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic.JetBrains IntelliJ IDEA versions prior to 2022.1 contain a code injection vulnerability that could be exploited to execute native code via HTML descriptions in custom JSON...
JetBrains IntelliJ IDEA 代码注入漏洞
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic.A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited to execute native code via a custom Pandoc path...
Jetbrains JetBrains IntelliJ IDEA 代码注入漏洞
JetBrains IntelliJ IDEA is a suite of integrated development environments for the Java language from Jetbrains Czech Republic.A code injection vulnerability exists in versions of JetBrains IntelliJ IDEA prior to 2022.1, which could be exploited by attackers to execute native code via workspace...
id Tech 3 -- remote code execution vulnerability
The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks...
Chrome: bypass for download filetype blacklist, extension->native privesc
This bug report describes a vulnerability that can be used by an extension with some permissions to escalate to native code execution on Linux desktops if Java is installed. No user interaction is required. Chrome permits extensions with appropriate permissions "downloads" and "downloads. open" t...
The vulnerabilities in Acrobat software allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Acrobat allows attackers to bypass the sandbox protection mechanism and execute native code in a privileged context...
Vulnerability of Adobe Reader software, which allows a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information
The vulnerability in Adobe Reader allows attackers to bypass the sandbox protection mechanism and execute native code in a privileged context...
Design/Logic Flaw
The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via an NTFS junction attack...
CVE-2014-0546
Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors...
CVE-2014-0546
Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors...
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4769)
This update of OpenOfficeorg adds restrictions to SQL statements of Java-based databases to avoid the execution of native Jave code by creating procedures. CVE-2007-4575 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...