216 matches found
CVE-2020-9239
Huawei smartphones BLA-A09 versions 8.0.0.123C212,versions earlier than 8.0.0.123C567,versions earlier than 8.0.0.123C797;BLA-TL00B versions earlier than 8.1.0.326C01;Berkeley-L09 versions earlier than 8.0.0.163C10,versions earlier than 8.0.0.163C432,Versions earlier than 8.0.0.163C636,Versions...
CVE-2020-9235
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230C432E9R5P1,Versions earlier than 10.1.0.231C10E3R3P2,Versions earlier than 10.1.0.231C185E3R5P1,Versions earlier than 10.1.0.231C636E3R3P1;Versions earlier than 10.1.0.212C432E10R3P4,Versions earlier than 10.1.0.213C636E3R4P3,Version...
CVE-2020-9235
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230C432E9R5P1,Versions earlier than 10.1.0.231C10E3R3P2,Versions earlier than 10.1.0.231C185E3R5P1,Versions earlier than 10.1.0.231C636E3R3P1;Versions earlier than 10.1.0.212C432E10R3P4,Versions earlier than 10.1.0.213C636E3R4P3,Version...
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Cheetah free wifi input validation error vulnerability
Cheetah free wifi is a calculator wireless network sharing software from China Cheetah Mobile Cheetah. An input validation error vulnerability exists in the liebaonat.sys file in Cheetah free wifi version 5.1, which originates from the program not validating the input value of IOCtl 0x830020f8,...
CVE-2020-13756
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...
CVE-2020-12754
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 May 2020...
CVE-2020-12754
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 May 2020...
Command Injection
Overview diskusage-ng is a package that get disk usage info in pure JavaScript and without any dependencies. Affected versions of this package are vulnerable to Command Injection. The argument path can be controlled by users without any sanitization. PoC var root = require"diskusage-ng"; root...
CVE-2020-8137
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...
git: Arbitrary path overwriting via export-marks in-stream command feature
A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary...
git: Arbitrary path overwriting via export-marks in-stream command feature
A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary...
CVE-2019-15598
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
CVE-2019-15598
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
CVE-2019-15599
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
CVE-2019-1348
A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary...
CVE-2016-10894
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to and thus control various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks by depressing the touchpad once and th...
Design/Logic Flaw
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to and thus control various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks by depressing the touchpad once and th...
The vulnerability of the SnCloneVault.sys driver of the Secret Net Studio information protection system, which allows a hacker to trigger a service failure.
The vulnerability of the SnCloneVault.sys driver of the Secret Net Studio information protection system is related to deficiencies in data input control within the driver. Exploiting this vulnerability can allow attackers to cause service failures...
STOPzilla AntiMalware Arbitrary Write Vulnerability
STOPzilla AntiMalware is a malware removal software. An arbitrary write vulnerability exists in the driver file szkg64.sys in STOPzilla AntiMalware 6.5.2.59. The vulnerability stems from an unverified output buffer address value starting at IOCtl 0x80002063. An attacker can exploit this...