3793 matches found
The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially crafted file...
Cost Calculator <= 1.4 - Contributor+ Local File Inclusion
The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout. As a contributor, create a Cost Calculator post, set the Layout to /../../../../../../../../../../file assuming the file to...
Adobe Character Animator Buffer Error Vulnerability
Adobe Character Animator is a motion capture and animation tool from Adobe. Adobe Character Animator 2021 4.4 and earlier versions contain an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...
WordPress Smart Grid-Layout Design for Contact Form 7 plugin <= 4.11.8 - Authenticated Arbitrary File Deletion vulnerability
Authenticated Arbitrary File Deletion vulnerability discovered in WordPress Smart Grid-Layout Design for Contact Form 7 plugin versions <= 4.11.8. Solution: Update the WordPress Smart Grid-Layout Design for Contact Form 7 plugin to the latest available version (at least 4.11.9)...
CVE-2021-40729
Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass...
CVE-2021-30627
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Type confusion
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2021-30627
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30627
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30627
CVE-2021-30627 describes a type confusion in Blink layout in Google Chrome prior to 93.0.4577.82, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. The connected documents identify the same description across multiple sources (Astra Linux security...
CVE-2021-30627
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30627
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Input validation
In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1 Androi...
Samsung SMR Security Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1, which stems from information leakage in the Widevine TA logs, allowing an attacker to exploit t...
The vulnerability in the `drivers/net/ethernet/xilinx/xilinx_emaclite.c` component of the Linux operating system allows a hacker to bypass the ASLR protection mechanism.
The vulnerability in the `drivers/net/ethernet/xilinx/xilinx_emaclite.c` component of the Linux kernel is related to the use of uninitialized memory. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism...
CVE-2021-39833
Adobe Framemaker versions 2019 Update 8 and earlier and 2020 Release Update 2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this...
GHSA-VRXP-MG9F-HWF3 Improperly Implemented path matching for in-toto-golang
Impact: Authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys may issue an attestation that contains a disallowed artifact ...
Chromium: CVE-2021-30631 Type Confusion in Blink layout
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2021-30627 Type Confusion in Blink layout
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Information Disclosure
Chromium is vulnerable to information disclosure. The vulnerability exists due to a type confusion in Blink layout...