CVE-2022-41704
A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16...
CVE-2022-42890
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used to process images in SVG format. A security vulnerability exists in Apache XML Graphics Batik versions prior to 1.16, which stems from a problem with Batik that allows an attacker to...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used to process images in SVG format. A security vulnerability exists in versions of Apache XML Graphics prior to 1.16 that stems from a problem with Batik that allows an attacker to run...
A buffer overflow in dynamic (heap) memory in the Adobe Photoshop graphics editor allows an attacker to execute arbitrary code.
The vulnerability in the Adobe Photoshop graphics editor is a buffer overflow in dynamic (heap) memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted SVG file...
A buffer overflow in dynamic (heap) memory in Adobe InDesign's computer layout automation tool allows attackers to execute arbitrary code.
The vulnerability in Adobe InDesign's computer layout automation tool is a buffer overflow in dynamic (heap) memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted SVG file...
An out-of-bounds read in memory in the Adobe InCopy text creation and editing software allows an attacker to execute arbitrary code.
The vulnerability in the Adobe InCopy text creation and editing software is a read of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially crafted SVG file...
SAP 3D Visual Enterprise Viewer Buffer Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installation as a stand-alone executable program and ActiveX space. A buffer overflow vulnerability...
PT-2022-25723 · Sap · Sap 3D Visual Enterprise Viewer
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9. Description: The issue arises due to improper memory management. When a victim opens a manipulated Scalable Vector Graphic .svg, .svg.x3d file from untrusted sources, it can trigger a Remote Code...
CVE-2022-3137
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
CVE-2022-1755
The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via a URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...
WordPress plugin SVG Support Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2022-14088 · WordPress · Svg Support
Name of the Vulnerable Software and Affected Versions: SVG Support WordPress plugin versions prior to 2.5. Description: The issue arises from the improper handling of SVG files added via a URL, potentially allowing users with a role as low as author to perform Cross-Site Scripting attacks...
PT-2022-25360 · Unknown · Ajaxplorer
Name of the Vulnerable Software and Affected Versions: AjaXplorer version 4.2.3. Description: An issue in AjaXplorer allows attackers to cause cross-site scripting vulnerabilities via a crafted svg file upload. Recommendations: For AjaXplorer version 4.2.3, consider restricting the upload of svg...
Pydio Cross-Site Scripting Vulnerability
Pydio AjaXplorer is a web-based remote file manager from Pydio. The manager supports uploading and downloading files, online file editing, image previewing, and more. A security vulnerability exists in Pydio version 4.2.3, which can be exploited by an attacker to cause a cross-site scripting...
PT-2022-5109 · Adobe · Incopy
Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 17.3 and earlier; Adobe InCopy versions 16.4.2 and earlier. Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation...
PT-2022-5152 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 22.5.8 and earlier; Adobe Photoshop versions 23.4.2 and earlier. Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user...
PT-2022-5081 · Adobe · Bridge
Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 12.0.2 and earlier; Adobe Bridge versions 11.1.3 and earlier. Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. This...
Fedora: Security Advisory for autotrace (FEDORA-2022-b2db61249b)
The remote host is missing an update for the...