Remote Code Execution (RCE)
Apache Chainsaw in Log4j is vulnerable to remote code execution. The vulnerability is due to deserialization of untrusted objects, allowing an attacker to execute maliciously scripted code via the system...
CVE-2022-23307 A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists...
Apache Log4j 1.x Multiple Vulnerabilities (Linux/Unix, Jan 2022) - Version Check
Apache Log4j is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:log4j"; if(description)...
Worktime 10.20 Build 4967 DLL Hijacking
Description: A vulnerability exists in Windows that allows other applications' dynamic link libraries to execute malicious code without the user's consent, in the privilege context of the targeted application. Exploit Title: Worktime 10.20 Build 4967 DLL Hijacking Exploit Date: 15/01/2022 Author:...
CVE-2021-40010
The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution...
Design/Logic Flaw
The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution...
Huawei HarmonyOS Buffer Overflow Vulnerability (CNVD-2022-66183)
Huawei HarmonyOS is an operating system from Huawei, China. The Huawei HarmonyOS bone voice ID TA has a buffer overflow vulnerability that can be exploited by attackers to cause malicious code execution...
PT-2022-11132 · Unknown · Bone Voice Id Ta
Name of the Vulnerable Software and Affected Versions: bone voice ID TA (affected versions not specified). Description: The bone voice ID TA has a heap overflow issue. Successful exploitation of this issue may result in malicious code execution. Recommendations: At the moment, there is no informatio...
CVE-2021-37002
There is a memory out-of-bounds access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause malicious code to be executed...
rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...
Foxit PDF Editor Remote Code Execution Vulnerability
Foxit PDF Editor is a PDF editor from Foxit, a Chinese company. A security vulnerability exists in Foxit PDF Editor, which stems from the fact that the product does not verify the existence of an Annotation object before operating on it. The vulnerability can be exploited to cause malicious code...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description: This is a stored XSS in the mp3 management library. 🕵️‍♂️ Proof of Concept: 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Album" menu: 💥 Impact: Uploading an mp3 with JavaScript code in a meta tag could permit an attacker to execute...
CVE-2021-27930
Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allow an authenticated or compromised user to inject malicious JavaScript in a folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers (1-click RCE)...
Huawei HarmonyOS Buffer Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS Phones and Tablets A buffer error vulnerability exists in some Huawei products. Successful exploitation of the vulnerability could lead to...
CVE-2020-9493
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
Deserialization of untrusted data
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
CVE-2020-9493 Java deserialization in Chainsaw
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...