CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted application...

CVE-2024-21469

CVE-2024-21469 is mapped to Qualcomm TZ Secure OS / embedded platform where memory corruption occurs when an invoke call and a TEE call are bound to the same trusted application. The Red Hat/Qualcomm/PT-Security entries describe the issue as memory corruption with potential for arbitrary code exe...

SUSE CVE-2024-38572

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmiinvokehandler Currently, there is no terminator entry for ath12kqmimsghandlers hence facing below KASAN warning, ================================================================== BUG:...

DEBIAN-CVE-2024-38572

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmiinvokehandler Currently, there is no terminator entry for ath12kqmimsghandlers hence facing below KASAN warning, ================================================================== BUG:...

CVE-2023-43538

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization...

CVE-2023-43538 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in TZ Secure OS

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization...

CVE-2023-43538 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in TZ Secure OS

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization...

PT-2024-13111 · Unknown · Tz Secure Os

Name of the Vulnerable Software and Affected Versions: TZ Secure OS affected versions not specified Description: The issue concerns memory corruption in TZ Secure OS during the initialization of the Tunnel Invoke Manager. Recommendations: At the moment, there is no information about a newer versi...

CVE-2024-22131

In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...

PT-2024-5261 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to a memory corruption problem that occurs when an invoke call and a TEE call are bound for the same trusted application. It is also...

Tater

It is an offensive tool for Windows Privilege Escalation. The primary CVE ID is not explicitly mentioned, but the tool is based on the Hot Potato Windows Privilege Escalation exploit, which is a known vulnerability. The target product/service is Windows, and the vulnerability class/vector is...

NimExec - Fileless Command Execution For Lateral Movement In Nim

Basically, NimExec is a fileless remote command execution tool that uses The Service Control Manager Remote Protocol MS-SCMR. It changes the binary path of a random or given service run by LocalSystem to execute the given command on the target and restores it later via hand-crafted RPC packets...

The vulnerability of the InvokeHTTP component in the Apache NiFi MiNiFi data processing platform, which exists due to insufficient verification of certificate authenticity, allows attackers to compromise data integrity.

The vulnerability of the InvokeHTTP component in the Apache NiFi MiNiFi data processing platform exists due to insufficient verification of certificate authenticity. Exploiting this vulnerability allows an attacker to compromise data integrity from a remote location...

Home Assistant Companion Cross-Site Request Forgery Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant Companion versions prior to 2023.7 that stems from the presence of a client request forgery vulnerability. An...

RecycledInjector - Native Syscalls Shellcode Injector

Currently Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one technique fails. To remain stealthy and keep entropy on the final...

GHSA-8MJR-6C96-39W8 pydash Command Injection vulnerability

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

PYSEC-2023-179

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

Command Injection

Overview pydash is a The kitchen sink of Python utility libraries for doing "stuff" in a functional way. Based on the Lo-Dash Javascript library. Affected versions of this package are vulnerable to Command Injection. A number of pydash methods such as pydash.objects.invoke and...

GreenShot 1.2.10 Arbitrary Code Execution

Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm to...