4040 matches found

Positive Technologies
added 2022/10/13 12:0 a.m. · 2 views

PT-2022-26653 · Linaro · Lava

Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture LAVA versions prior to 2022.10 Description: The issue is related to dynamic code execution in lava server/lavatable.py due to improper input sanitization. This allows an anonymous user to force the...

8.8 CVSS · 8.7 AI score · 0.0161 EPSS
Exploits: 1 · References: 17
Positive Technologies
added 2022/09/13 12:0 a.m. · 4 views

PT-2022-25431 · Crafter Cms · Crafter Studio

Name of the Vulnerable Software and Affected Versions: Crafter Studio of Crafter CMS affected versions not specified Description: The issue allows authenticated developers to execute OS commands via FreeMarker SSTI due to improper control of dynamically-managed code resources. Recommendations: At...

7.2 CVSS · 7.1 AI score · 0.14522 EPSS
Exploits: 1 · References: 6
RedhatCVE
added 2022/07/12 10:14 a.m. · 47 views

CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.2 AI score · 0.0008 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2022/06/30 4:15 p.m. · 2 views

CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.6 CVSS · 5.9 AI score · 0.0008 EPSS
Exploits: 1 · References: 4
NVD
added 2022/06/30 4:15 p.m. · 8 views

CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.6 CVSS · 0.0008 EPSS
Exploits: 1 · References: 3
OSV
added 2022/06/30 4:15 p.m. · 15 views

CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.6 CVSS · 6.8 AI score
Exploits: 0 · References: 3
Prion
added 2022/06/30 4:15 p.m. · 9 views

Authentication flaw

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

2.1 CVSS · 4.8 AI score · 0.0008 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2022/06/30 3:17 p.m. · 57 views

CVE-2022-1955

CVE-2022-1955 affects the Session app (version 1.13.0). The root cause described across sources is a lack of adequate security controls to prevent dynamic code manipulation, enabling an attacker with physical access to bypass the password/pin lock and access user data. Public details in the docum...

4.6 CVSS · 4.7 AI score · 0.0008 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Microsoft Malware Protection
added 2022/06/30 2:0 p.m. · 18 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

6.8 AI score
Exploits: 0
Microsoft Secure
added 2022/06/30 2:0 p.m. · 25 views

Toll fraud malware: How an Android application can drain your wallet

Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which...

6.8 AI score
Exploits: 0
The Hacker News
added 2022/06/28 11:0 a.m. · 23 views

Overview of Top Mobile Security Threats in 2022

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be. Consider the recent discovery by Oversecured, a security startu...

7.4 AI score
Exploits: 0
NVD
added 2022/06/02 6:15 p.m. · 10 views

CVE-2022-1716

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

4.6 CVSS · 0.00063 EPSS
Exploits: 1 · References: 2
Prion
added 2022/06/02 6:15 p.m. · 8 views

Authentication flaw

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation...

2.1 CVSS · 4.8 AI score · 0.00063 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/06/02 12:0 a.m. · 1 view

PT-2022-14068 · Unknown · Keep My Notes

Name of the Vulnerable Software and Affected Versions: Keep My Notes version 1.80.147 Description: The issue allows an attacker with physical access to the victim's device to bypass the application's password/pin lock, accessing user data due to inadequate security controls that fail to prevent...

4.6 CVSS · 4.6 AI score · 0.00063 EPSS
Exploits: 1 · References: 5
Github Security Blog
added 2022/05/24 4:51 p.m. · 11 views

Dolibarr ERP and CRM Code Injection

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...

8.5 CVSS · 7.6 AI score · 0.00559 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
ThreatPost
added 2022/05/10 12:24 a.m. · 24 views

Low-rent RAT Worries Researchers

For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...

7.7 AI score
Exploits: 0 · References: 1
RedHat Linux
added 2022/04/11 2:38 p.m. · 1 view

Mozilla: Incorrect AliasSet used in JIT Codegen

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability, this could have been used for an out-of-bounds memory read...

6.5 CVSS · 7.3 AI score · 0.00239 EPSS
Exploits: 1 · References: 4
OSV
added 2021/12/20 9:15 p.m. · 0 views

CVE-2021-42809

Improper Access Control of Dynamically-Managed Code Resources DLL in Thales Sentinel Protection Installer could allow the execution of arbitrary code...

7.8 CVSS · 7.3 AI score
Exploits: 0 · References: 1
CNNVD
added 2021/12/20 12:0 a.m. · 0 views

Thales Sentinel Protection Installer Access Control Error Vulnerability

Thales Group Thales Sentinel Protection Installer is an integrated installer from Thales Group, France. The Thales Sentinel Protection Installer suffers from an access control error vulnerability that stems from improper access control to dynamically managed code resources DLLs in the Thales...

7.8 CVSS · 7.8 AI score · 0.0004 EPSS
Exploits: 0 · References: 2
Ivan 'd0znpp' Novikov
added 2021/10/07 2:46 p.m. · 56 views

What is RCE (Remote code execution) attack ❓ Prevention methods

What is Remote Code Execution? Remote Code Execution or execution, also known as Arbitrary Code Execution, is a concept that describes a form of cyberattack in which the attacker can solely command the operation of another person’s computing device or computer. RCE takes place when malicious...

0.3 AI score
Exploits: 0