CVE-2024-40673

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

PT-2024-28980 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue allows an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional...

ASB-A-309938635

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...

PT-2024-8549

Name of the Vulnerable Software and Affected Versions Chamilo LMS affected versions not specified Description The issue is related to the lack of measures to neutralize instructions in dynamically executed code in the Chamilo LMS electronic learning and content management system. Exploitation of...

VulnCheck KEV: CVE-2023-50386

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

Arbitrary Code Execution

@thi.ng/paths is vulnerable to arbitrary code execution. The vulnerability is due to improper control of dynamically-managed code resources due to the handling of object properties in the mutIn and mutInManyUnsafe methods...

BIT-SOLR-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

DEBIAN-CVE-2023-50292

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

Apache Solr Code Issue Vulnerability

Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. A code issue vulnerability exists in Apache Solr versions 6.0.0 through 8.11.2 and...

PT-2024-1066 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...

Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners

Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team GCAT said in its August 2023 Threat Horizons...

CVE-2023-0888

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...

Android 14 developer preview highlights multiple security improvements

Android developers have been given a taste of whats to come in the next big step up in mobile land, thanks to Android 14 waiting on the horizon. The developer preview is a great way for those most familiar with the mobile operating system to see which changes theyll enjoy and what ones theyll hav...

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks

The legitimate command-and-control C2 framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver...

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks

The legitimate command-and-control C2 framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver...

Debian dla-3192 : lava - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3192 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3192-1 [email protected] https://www.debian.org/lts/security/...

Debian DSA-5260-1 : lava - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5260 advisory. - In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an...

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

Input validation

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

CVE-2022-42902

CVE-2022-42902 affects Linaro Automated Validation Architecture (LAVA); in versions prior to 2022.10, lava_server/lavatable.py allows remote code execution due to improper input sanitization, enabling an anonymous user to cause lava-server-gunicorn to run user-provided code. Debian advisories (DL...