cling 代码问题漏洞

cling is a UPnP/DLNA library for Java and Android. A code issue exists in 4thline cling versions 2.0.0 through 2.1.2, which is a Denial of Service vulnerability that stems from not validating the CALLBACK parameter in the header...

CVE-2022-21675

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

Directory traversal

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

CVE-2022-21675 Bytecode Viewer v2.10.x Zip Slip

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

Information disclosure

In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...