DEBIAN-CVE-2022-38266

An issue in the Leptonica linked library v1.79.0 allows attackers to cause an arithmetic exception leading to a Denial of Service DoS via a crafted JPEG file...

UPX 缓冲区错误漏洞

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX version 4.0.0, which stems from a heap-based out-of-bounds read that can be implemented by an attacker via a carefully crafted Mach-O file to the invertptdynamic function of its plxelf.cpp...

CVE-2022-37769

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted file...

CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

CVE-2022-32420

College Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file...

CVE-2022-32420

College Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file...

PT-2022-6476 · Libtiff +9 · Libtiff +9

Name of the Vulnerable Software and Affected Versions: libtiff version 4.4.0 Description: The issue is related to a Divide By Zero error in the tiffcrop function of libtiff, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can be achieved by a remote...

Beijing Lier Hexun Technology Urtracker Premium 跨站脚本漏洞

Beijing Lier Hexun Technology Urtracker Premium is a general-purpose Issue Tracking software from Beijing Lier Hexun Technology. It is designed to help organizations and teams establish various types of issue handling processes, manage all issues and track and record the handling of these issues,...

CVE-2022-30660

Adobe InDesign versions 17.2.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

The vulnerability of the Vim text editor, related to the pointer shifting beyond the selected memory range, allows a hacker to trigger a service failure.

The vulnerability of the Vim text editor is related to the pointer being moved beyond the selected memory range. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created file...

The vulnerability of the CLI component of the Cisco SD-WAN vManage centralized network management system allows a attacker to execute arbitrary commands.

The vulnerability of the CLI component in the Cisco SD-WAN vManage centralized network management system is related to insecure privilege management. Exploiting this vulnerability could allow an attacker to execute arbitrary commands using a specially created file...

The vulnerability of the cmdline_erase_chars() function in the Vim text editor allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the cmdlineerasechars function in the Vim text editor is related to the issue of writing operations beyond the buffer’s boundaries into memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a service failure using a specially created...

CVE-2022-28258

Acrobat Reader DC version 22.001.2011x and earlier, 20.005.3033x and earlier and 17.012.3022x and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...

Autodesk AutoCAD 缓冲区错误漏洞

Autodesk AutoCAD is a suite of professional 3D drawing software from the American company Autodesk. A security vulnerability exists in Autodesk AutoCAD versions 2022, 2021, 2020, and 2019 that stems from a buffer overflow vulnerability in the software. The vulnerability can be exploited by an...

CVE-2021-21942

An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...

PT-2022-9207 · Accusoft · Accusoft Imagegear

Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 19.10 Description: A heap-based buffer overflow issue exists in the TIFF parser functionality. This can be triggered by a specially-crafted file, leading to a heap buffer overflow. An attacker can exploit this by...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in its ability to read data beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Adobe After Effects video and dynamic image editing software relates to reading beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected memory information in the context of the current user, using a...

The vulnerability of the DumpTrackInfo function in the MP4Box command of the GPAC multimedia platform, related to pointer assignment errors, allows a violator to trigger a service failure.

The vulnerability of the DumpTrackInfo function in the MP4Box multimedia platform’s command is related to pointer assignment errors. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...

The vulnerability of the embedded software of NETGEAR routers such as R6400v2, R6700v3, R6900P, R7000, R7000P, RS400, and CBR40 arises from buffer overflow in the stack, allowing an attacker to execute arbitrary code.

The vulnerability of the embedded software of NETGEAR R6400v2, NETGEAR R6700v3, NETGEAR R6900P, NETGEAR R7000, NETGEAR R7000P, NETGEAR RS400, and NETGEAR CBR40 lies in buffer overflow in the stack. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code using a special...

The vulnerability of the software platform for developing and managing online stores Magento Commerce lies in insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the software platform for developing and managing online stores Magento Commerce is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the target system using a specially crafted PDF file...