CVE-2022-0500

A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system...

AlmaLinux 8 : perl (ALSA-2021:1678)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1678 advisory. - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...

F5 Networks BIG-IP : Perl vulnerability (K40508224)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.5 / 15.1.4.1 / 15.1.5 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K40508224 advisory. Perl before 5.30.3 has an integer overflow related to mishandling of a PLregkindOPn ==...

Mageia: Security Advisory (MGASA-2015-0244)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-21675

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

CVE-2022-21675

BCV (Bytecode Viewer) versions prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). A crafted archive with directory traversal filenames (e.g., ../../evil.exe) can overwrite files across formats such as zip, jar, tar, war, cpio, apk, rar, 7z, enabling file ove...

CVE-2022-21675 Bytecode Viewer v2.10.x Zip Slip

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

CVE-2022-21675 Bytecode Viewer v2.10.x Zip Slip

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

Bytecode Viewer 路径遍历漏洞

Bytecode Viewer is an advanced lightweight Java/Android reverse engineering suite decompiler, editor, debugger, etc.. A path traversal vulnerability exists in Bytecode Viewer versions prior to 2.11.0, which stems from the software's susceptibility to an arbitrary file write attack via archive...

Path Traversal in konloch/bytecode-viewer

Description the.bytecode.club:Bytecode-Viewer is a lightweight user-friendly Java/Android Bytecode Viewer, Decompiler & More. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🔍 Log4JShell Bytecode Detector Log4jShell Bytecode Detector i...

Lucet Resource Management Error Vulnerability

Lucet is an open source, native WebAssembly compiler and runtime from the Bytecode Alliance organization. Lucet has a resource management error vulnerability that stems from the presence of post-release usage in Lucet's Instance object, which can be exploited by attackers to cause memory...

NewStart CGSL MAIN 6.02 : perl Multiple Vulnerabilities (NS-SA-2021-0134)

The remote NewStart CGSL host, running version MAIN 6.02, has perl packages installed that are affected by multiple vulnerabilities: - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. CVE-2020-10543 ...

Wrong type for `Linker`-define functions when used across two `Engine`s

Impact As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of...

The vulnerability of the ecma-bytecode-ref function in the ecma-helpers.c component of the JavaScript engine for IoT JerryScript and the IoT.js platform, related to memory usage after deallocation, allows a attacker to trigger a service failure.

The vulnerability of the ecmabytecoderef function in the ecma-helpers.c component of the JavaScript engine for IoT JerryScript and the IoT.js platform is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...

GHSA-9H4H-8W5P-F28W Go Ethereum Denial of Service

cmd/evm/runner.go in Go Ethereum aka geth allows attackers to cause a denial of service SEGV via crafted bytecode. Specific Go Packages Affected github.com/ethereum/go-ethereum/cmd/evm...

Go Ethereum Denial of Service

cmd/evm/runner.go in Go Ethereum aka geth allows attackers to cause a denial of service SEGV via crafted bytecode. Specific Go Packages Affected github.com/ethereum/go-ethereum/cmd/evm...

CVE-2021-0511

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

CVE-2021-0511

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...