CVE-2020-36628 – Calsign APDE ZIP File CopyBuildTask.java handleExtract path traversal
https://notcve.org/view.php?id=CVE-2020-36628
A vulnerability classified as critical has been found in Calsign APDE. It affects the function handleExtract in the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the ZIP File Handler component. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha addresses this issue; upgrading the affected component is recommended. • https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha https://vuldb.com/?id.216747 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-23435
https://notcve.org/view.php?id=CVE-2022-23435
decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service. • https://github.com/koral--/android-gif-drawable/commit/9f0f0c89e6fa38548163771feeb4bde84b828887 https://github.com/koral--/android-gif-drawable/compare/v1.2.23...v1.2.24
CVE-2019-11932 – Whatsapp 2.19.216 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11932
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. WhatsApp version 2.19.216 suffers from a remote code execution vulnerability. • https://github.com/AshuJaiswal109/CVE-2019-11932 https://www.exploit-db.com/exploits/47515 https://github.com/awakened1712/CVE-2019-11932 https://github.com/dorkerdevil/CVE-2019-11932 https://github.com/valbrux/CVE-2019-11932-SupportApp https://github.com/fastmo/CVE-2019-11932 https://github.com/mRanonyMousTZ/CVE-2019-11932-whatsApp-exploit https://github.com/TulungagungCyberLink/CVE-2019-11932 https://github.com/infiniteLoopers/CVE-2019-11932 https://github.com/SmoZy92/CVE-2019-11932 • CWE-415: Double Free
CVE-2016-10641
https://notcve.org/view.php?id=CVE-2016-10641
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. • https://nodesecurity.io/advisories/234 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data
CVE-2017-1002003 – Wp2android <= 1.1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2017-1002003
Vulnerability in the WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. The Wp2android plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/server/images.php file in versions up to, and including, 1.1.4. Combined with the ability to directly access that file, this makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible. • https://www.exploit-db.com/exploits/41540 http://www.securityfocus.com/bid/96908 http://www.vapidlabs.com/advisory.php?v=182 https://wordpress.org/plugins-wp/wp2android-turn-wp-site-into-android-app • CWE-434: Unrestricted Upload of File with Dangerous Type