Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

Siemens Teamcenter Visualization and JT2Go Memory Misreference Vulnerability

Siemens Teamcenter Visualization is a team collaboration software for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a memory mis-reference vulnerability that could be exploited by attackers to execute code in the contex...

Siemens Teamcenter Visualization and JT2Go Out-of-Bounds Read Vulnerability

Siemens Teamcenter Visualization is a team collaboration software for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to an out-of-bounds read vulnerability that can be exploited by attackers to execute code in the context o...

Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-87978)

An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...

Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-87977)

An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...

Arbitrary Code Injection

Overview sketchsvg is a Command line tool used to convert and compress Sketch Icons/images to SVG and base64 formats. Affected versions of this package are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current...

CISA Releases Three Industrial Control Systems Advisories

CISA has released three 3 Industrial Control Systems ICS advisories on December 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories...

CVE-2022-2993

CVE-2022-2993 affects Zephyr RTOS (3.1 and earlier). The issue is an error in the condition of the last if-statement in the function smp_check_keys, causing rejection of current keys when all requirements are unmet. Public sources describe it as a design/logic flaw in key validation, with potenti...

Slackware: Security Advisory (SSA:2022-343-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] libarchive

New libarchive packages are available for Slackware 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.6.2-i586-1slack15.0.txz: Upgraded. This is a bugfix and security release. Relevant bugfixes: rar5 reader...

Slackware: Security Advisory (SSA:2022-342-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GSD-2022-1008059 sctp: clear out_curr if all frag chunks of current msg are pruned

sctp: clear outcurr if all frag chunks of current msg are pruned This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.156 by commit...

GSD-2022-1007769 drm/amdkfd: Migrate in CPU page fault use current mm

drm/amdkfd: Migrate in CPU page fault use current mm This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit...

GSD-2022-1007762 sctp: clear out_curr if all frag chunks of current msg are pruned

sctp: clear outcurr if all frag chunks of current msg are pruned This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-102.5.1-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For mo...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : supportutils (SUSE-SU-2022:4278-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4278-1 advisory. Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt...

emacs -- arbitary shell command execution vulnerability of ctags

lu4nx reports: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggeste...

Slackware: Security Advisory (SSA:2022-328-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2022-1669236934 vim: Fix of CVE-2022-3352

CVE-2022-3352: disallow deleting the current buffer to avoid using freed memory...

Foxit PDF Reader U3D File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...