4040 matches found
CVE-2021-22387
There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands...
GHSA-W8H4-VW8F-RVVJ Improper Control of Dynamically-Managed Code Resources in config-shield
scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...
[SECURITY] Fedora 33 Update: python-py-1.10.0-1.fc33
The py lib is a Python development support library featuring the following tools and modules: py.path: uniform local and svn path objects py.apipkg: explicit API control and lazy-importing py.iniconfig: easy parsing of .ini files py.code: dynamic code generation and introspection py.path: uniform...
[SECURITY] Fedora 32 Update: python-py-1.10.0-1.fc32
The py lib is a Python development support library featuring the following tools and modules: py.path: uniform local and svn path objects py.apipkg: explicit API control and lazy-importing py.iniconfig: easy parsing of .ini files py.code: dynamic code generation and introspection py.path: uniform...
CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
Design/Logic Flaw
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
CVE-2020-4100
HCL Verse for Android is affected by a vulnerability linked to its use of dynamic code loading. The root cause is the ability to load components at runtime, which can lead to loading unintended code if not implemented properly. Some connected reports explicitly describe a HCL Verse Android code-e...
CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
Code injection
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
CVE-2019-15417
The CVE-2019-15417 entry concerns a Tecno Spark Pro Android device (build TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys) with a pre-installed app, com.lovelyfont.defcontainer (versionCode 7, versionName 7.0.5), that allows unauthorized dynamic code loading via a conf...
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
DECAF - Short for Dynamic Executable Code Analysis Framework
DECAF++, the new version of DECAF, taint analysis is around 2X faster making it the fastest, to the best of our knowledge, whole-system dynamic taint analysis framework. This results in a much better usability imposing only 4% overhead SPEC CPU2006 when no suspicious tainted input exists. Even...
Flare-Emu - Powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x86_64, ARM, and ARM64 architectures to reverse engineers
flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported...
Joker Spyware Found in 24 Google Play Apps
A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
Code injection
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
Remote Code Execution (RCE)
dolibarr/dolibarr is vulnerable to remote code execution. The application does not restrict the usage of PHP commands and allows for remote attackers to add dynamic PHP code which could lead to execution of arbitrary OS commands...