Page 2 of 33 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. • https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha https://vuldb.com/?id.216747 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service. El archivo decoding.c en android-gif-drawable versiones anteriores a 1.2.24, no limita la longitud máxima de un comentario, conllevando a una denegación de servicio • https://github.com/koral--/android-gif-drawable/commit/9f0f0c89e6fa38548163771feeb4bde84b828887 https://github.com/koral--/android-gif-drawable/compare/v1.2.23...v1.2.24 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later. Se presenta una vulnerabilidad de ejecución de código arbitraria local en el endpoint SplitCompat.install en Play Core Library de Android versiones anteriores a 1.7.2. Un atacante malicioso podría crear un apk que apunte a una aplicación específica, y si una víctima estaba instalando este apk, el atacante podría llevar a cabo un salto de directorio, ejecutar código como la aplicación de destino y acceder a los datos de la aplicación de destino en el dispositivo Android. • https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library https://developer.android.com/reference/com/google/android/play/core/release-notes#1-7-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-281: Improper Preservation of Permissions •

CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 17

A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. Una vulnerabilidad doble gratuita en la función DDGifSlurp en decoding.c en la biblioteca android-gif-drawable antes de la versión 1.2.18, como se usa en WhatsApp para Android antes de la versión 2.19.244 y muchas otras aplicaciones de Android, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio cuando la biblioteca se utiliza para analizar una imagen GIF especialmente diseñada. Whatsapp version 2.19.216 suffers from a remote code execution vulnerability. • https://github.com/AshuJaiswal109/CVE-2019-11932 https://www.exploit-db.com/exploits/47515 https://github.com/awakened1712/CVE-2019-11932 https://github.com/dorkerdevil/CVE-2019-11932 https://github.com/valbrux/CVE-2019-11932-SupportApp https://github.com/fastmo/CVE-2019-11932 https://github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit https://github.com/TulungagungCyberLink/CVE-2019-11932 https://github.com/infiniteLoopers/CVE-2019-11932 https://github.com/SmoZy92/CVE-2019-11932 • CWE-415: Double Free •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. node-bsdiff-android descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. • https://nodesecurity.io/advisories/234 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •