4064 matches found
CVE-2025-30673
Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code...
CVE-2024-40673
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
UBUNTU-CVE-2024-40673
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
A vulnerability in the UEFI loader of Howyar Reloader for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the UEFI loader of Howyar Reloader for Windows systems involves loading code without checking its integrity. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Apache Solr Code Issue Vulnerability
Apache Solr is a search server from the Apache Foundation (United States), based on the Lucene full-text search engine. The product supports level search, vertical search, highlighting of search results and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...
PT-2024-28980 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java (affected versions not specified). Description: The issue allows an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional...
ASB-A-309938635
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
A vulnerability in the AirPrint interface of the Synology Router Manager operating system for managing network devices allows an attacker to execute arbitrary code.
The vulnerability in the AirPrint functionality of the Synology Router Manager operating system for managing network devices is related to loading code without checking its integrity. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
ROS-20240524-03
A vulnerability in the Ruby Sinatra web application development framework is related to loading code without checking its integrity. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2023-52806
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance ma...
CVE-2023-52806
CVE-2023-52806 concerns the Linux kernel ALSA hda subsystem. The description in the initial document notes a possible NULL pointer dereference when an AudioDSP stream is assigned, specifically when a COUPLED stream is inadvertently accepted despite drivers using HOST or LINK types. The connected ...
A vulnerability in the WP Crontrol plugin for the WordPress content management system allows an attacker to execute arbitrary code.
The vulnerability in the WP Crontrol plugin for the WordPress content management system is related to loading code without checking its integrity. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
A vulnerability in the firmware of Trio Q, Trio E, and Trio J series Ethernet receivers lies in the fact that code can be loaded without any integrity check. This allows an attacker to inject additional code into the device’s firmware.
The vulnerability in the firmware of Trio Q, Trio E, and Trio J series Ethernet receivers is related to loading code without checking its integrity. Exploiting this vulnerability allows a remote attacker to inject additional code into the device’s firmware...
Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons...
CVE-2023-21098
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Payara Server Security Vulnerability
Payara Server is a cloud-native, innovative, open source middleware platform from Payara UK. A security vulnerability exists in Payara Server that originates from allowing a remote attacker to load malicious code on the server after performing a JNDI directory scan. Affected Products and Versions...