164 matches found
Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in the "Remote Procedure Call Runtime" in Microsoft Windows an...
Google Android Android runtime elevation of privilege vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Android runtime component of Google Android 11. An attacker can exploit the vulnerability to cause a local...
CVE-2021-21297 Prototype Pollution in Node-Red
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default...
Google Android Android runtime information disclosure vulnerability (CNVD-2021-22975)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in Android runtime in Google Android 8.1, 9, 10, and 11. An attacker can exploit this vulnerability to obtain sensiti...
Microsoft Windows Remote Procedure Call Runtime 安全漏洞
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server "Remote...
The vulnerability of the Windows Runtime component of the Windows operating system allows attackers to elevate their privileges and execute arbitrary code.
The vulnerability of the Windows Runtime component of the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute malicious code through a specially created application...
Security Bulletin: IBM Java Runtime Vulnerability Affects IBM Secure Proxy (CVE-2020-2654)
Summary IBM Secure Proxy has addressed the applicable vulnerability in IBM® Runtime Environment Java™ Version 1.8. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to...
The vulnerability of the Windows Runtime component of the Windows operating system allows attackers to elevate their privileges and execute arbitrary code.
The vulnerability of the Windows Runtime component of the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code using a specially created application...
Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2020-2654)
Summary There is a vulnerability in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearCase. This issue was disclosed as part of the IBM Java SDK updates in January 2020 deferred from Oracle Jan 2020 CPU. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION...
The vulnerability of the Windows Runtime component of the Windows operating system allows attackers to elevate their privileges and execute arbitrary code.
The vulnerability of the Windows Runtime component of the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code using a specially created application...
Microsoft Store Runtime Elevation of Privilege Vulnerability (CNVD-2021-25014)
Microsoft Store Runtime is an application store software from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Store Runtime, which arises from a failure of the program to properly handle memory and can be exploited by an attacker to gain elevation of privilege by runnin...
Microsoft Windows Runtime Elevation of Privilege Vulnerability (CNVD-2021-31215)
Microsoft Windows Runtime .net framework is an essential functional support library for the Windows operating system from Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Runtime, which arises from a program that does not properly handle objects in memory, and can be...
BSON ObjectID Input Validation Error Vulnerability
BSON ObjectID is a module for creating and parsing ObjectIDs for use in Node.js. An input validation error vulnerability exists in BSON ObjectID version 1.3.0 for Node.js. The vulnerability stems from a network system or product that does not properly validate input data. An attacker could use th...
Google Android Android runtime information disclosure vulnerability
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in Android runtime in Google Android 8.1, which can be exploited by attackers to obtain sensitive information...
Denial Of Service (DoS)
runtime/hashmap in github.com/golang/go is vulnerable to denial of service DoS attacks. The vulnerability exists because it uses uintptr in overLoadFactor of hashmap.go. With large number of potential buckets, a malicious user or a coding error can cause an infinite loop via overflow in 32-bit...
UBUNTU-CVE-2015-8046
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary...
OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs...
OpenJDK: Resource denial of service (AWT, 8001038)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the...
OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous...