
4064 matches found

OSV
added 2023/03/01 5:15 p.m. · 1 view

CVE-2023-0460

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s...

7.3 CVSS · 7.3 AI score · 0.00018 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/03/01 4:50 p.m. · 13 views

CVE-2023-0460 Remote code execution in YouTube Android Player API SDK

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s...

5.1 CVSS · 7.5 AI score · 0.00018 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2023/03/01 12:0 a.m. · 1 view

The vulnerability of the PostgreSQL database management system, related to the loading of code without checking its integrity, allows a perpetrator to execute arbitrary code.

The vulnerability of the PostgreSQL database management system lies in the loading of code without checking its integrity. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code remotely...

8.1 CVSS · 0.12058 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

SUSE CVE
added 2023/02/15 3:56 a.m. · 1 view

SUSE CVE-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected...

9.8 CVSS · 7.2 AI score · 0.00617 EPSS
Exploits: 0 · References: 15

Malwarebytes
added 2023/02/14 3:0 a.m. · 20 views

Android 14 developer preview highlights multiple security improvements

Android developers have been given a taste of what's to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes they'll enjoy and what ones they'll hav...

7.9 AI score
Exploits: 0

NVD
added 2022/12/13 4:15 p.m. · 15 views

CVE-2022-20474

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.8 CVSS · 0.00321 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2022/12/13 12:0 a.m. · 3 views

PT-2022-14692 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13. Description: In the readLazyValue function of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation...

7.8 CVSS · 7.7 AI score · 0.00321 EPSS
Exploits: 1 · References: 7

Microsoft Malware Protection
added 2022/06/30 2:0 p.m. · 18 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

6.8 AI score
Exploits: 0

Microsoft Secure
added 2022/06/30 2:0 p.m. · 25 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

6.8 AI score
Exploits: 0

The Hacker News
added 2022/06/28 11:0 a.m. · 23 views

Overview of Top Mobile Security Threats in 2022

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startu...

7.4 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2022/04/05 12:57 p.m. · 235 views

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

THREAT LEVEL: Red. Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...

9.3 CVSS · 0.3 AI score · 0.94358 EPSS
Exploits: 342

OSV
added 2022/02/19 5:15 p.m. · 2 views

DEBIAN-CVE-2016-1239

duck before 0.10 did not properly handle loading of untrusted code from the current directory...

9.8 CVSS · 8.6 AI score · 0.00611 EPSS
Exploits: 0 · References: 1

CVE
added 2022/02/19 5:5 p.m. · 59 views

CVE-2016-1239

CVE-2016-1239 concerns the Duck interpreter prior to 0.10, where loading of untrusted code from the current directory is mishandled. The vulnerability allows an attacker to influence code loaded from the working directory, with the NVD metrics indicating a high-severity impact (CVSS v3.1: CRITICA...

9.8 CVSS · 9.5 AI score · 0.00611 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2020/07/29 12:0 a.m. · 1 view

Python has an unspecified vulnerability

Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.8.4, which stems from the program's failure to enforc...

9.8 CVSS · 9.4 AI score · 0.00617 EPSS
Exploits: 0 · References: 1

Cvelist
added 2020/07/17 2:15 a.m. · 24 views

CVE-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected...

9.4 AI score · 0.00617 EPSS
Exploits: 0 · References: 3

OSV
added 2020/07/15 1:15 p.m. · 2 views

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

4.4 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Prion
added 2020/07/15 1:15 p.m. · 13 views

Design/Logic Flaw

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

2.1 CVSS · 5 AI score · 0.00053 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/07/15 12:31 p.m. · 41 views

CVE-2020-4100

HCL Verse for Android is affected by a vulnerability linked to its use of dynamic code loading. The root cause is the ability to load components at runtime, which can lead to loading unintended code if not implemented properly. Some connected reports explicitly describe a HCL Verse Android code-e...

4.4 CVSS · 4.9 AI score · 0.00053 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/07/15 12:31 p.m. · 15 views

CVE-2020-4100

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...

4.9 AI score · 0.00053 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2020/07/15 12:0 a.m. · 1 view

The vulnerability of OpenShift containerized application platforms, related to the loading of code without checking its integrity, allows a hacker to execute a type of “man-in-the-middle” attack.

The vulnerability of OpenShift container platforms relates to the loading of code without checking its integrity. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...

5.3 CVSS · 0.00043 EPSS
Exploits: 0 · References: 6 · Affected Software: 1