SUSE CVE-2022-41649

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

Vulnerability of the PM_io parser function: <PMDEC>::read_hedge() -> set_face(). This component is part of the Nef_2/PM_io parser library, a library of computational geometry algorithms (CGAL). It allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the PMioparser function is related to unvalidated array indexing. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures through a specially created file. This vulnerability is present in the...

PT-2023-7929 · Tenable · Nessus

Name of the Vulnerable Software and Affected Versions: Nessus versions 8.10.1 through 8.15.8 Nessus versions 10.0.0 through 10.4.1 Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to elevate privileges to root or NT AUTHORITY/SYSTEM o...

The vulnerabilities of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server are due to insufficient validation of input data. This allows attackers to disclose protected information.

The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to disclose sensitive information...

UPX 缓冲区错误漏洞

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX version 4.0.0, which stems from a heap-based out-of-bounds read that can be implemented by an attacker via a carefully crafted Mach-O file to the invertptdynamic function of its plxelf.cpp...

CVE-2022-37769

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted file...

CVE-2022-32420

College Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file...

The vulnerability of the Vim text editor, related to the pointer shifting beyond the selected memory range, allows a hacker to trigger a service failure.

The vulnerability of the Vim text editor is related to the pointer being moved beyond the selected memory range. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created file...

The vulnerability of the CLI component of the Cisco SD-WAN vManage centralized network management system allows a attacker to execute arbitrary commands.

The vulnerability of the CLI component in the Cisco SD-WAN vManage centralized network management system is related to insecure privilege management. Exploiting this vulnerability could allow an attacker to execute arbitrary commands using a specially created file...

The vulnerability of the cmdline_erase_chars() function in the Vim text editor allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the cmdlineerasechars function in the Vim text editor is related to the issue of writing operations beyond the buffer’s boundaries into memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a service failure using a specially created...

CVE-2022-28258

Acrobat Reader DC version 22.001.2011x and earlier, 20.005.3033x and earlier and 17.012.3022x and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...

CVE-2021-21942

An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

PT-2022-9207 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: A heap-based buffer overflow issue exists in the TIFF parser functionality. This can be triggered by a specially-crafted file, leading to a heap buffer overflow. An attacker can exploit this by...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in its ability to read data beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Adobe After Effects video and dynamic image editing software relates to reading beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected memory information in the context of the current user, using a...

The vulnerability of the DumpTrackInfo function in the MP4Box command of the GPAC multimedia platform, related to pointer assignment errors, allows a violator to trigger a service failure.

The vulnerability of the DumpTrackInfo function in the MP4Box multimedia platform’s command is related to pointer assignment errors. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...

The vulnerability of the embedded software of NETGEAR routers such as R6400v2, R6700v3, R6900P, R7000, R7000P, RS400, and CBR40 arises from buffer overflow in the stack, allowing an attacker to execute arbitrary code.

The vulnerability of the embedded software of NETGEAR R6400v2, NETGEAR R6700v3, NETGEAR R6900P, NETGEAR R7000, NETGEAR R7000P, NETGEAR RS400, and NETGEAR CBR40 lies in buffer overflow in the stack. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code using a special...

The vulnerability of the software platform for developing and managing online stores Magento Commerce lies in insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the software platform for developing and managing online stores Magento Commerce is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the target system using a specially crafted PDF file...

The vulnerability of the ImageIO component in operating systems such as iPadOS, watchOS, iOS, tvOS, Mac OS, and the iCloud service allows attackers to execute arbitrary code on the target system.

The vulnerability of the ImageIO component in operating systems such as iPadOS, watchOS, iOS, tvOS, Mac OS, and the iCloud service is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code on the target system using...

UBUNTU-CVE-2021-36409

There is an Assertion scalinglistpredmatrixiddelta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service DoS by running the application with a crafted file or possibly have unspecified other impact...

The vulnerability of Adobe InDesign’s automation tool for computer design, related to reading data beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted file...