CVE-2023-25871 Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Substance 3D Stager versions 2.0.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2022-42372

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVE-2022-38450 Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 22.002.20212 and earlier and 20.005.30381 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in RUGGEDCOM, SCALANCE and SIMATIC products. The vulnerabilities allow a malicious party potentially able to launch attacks that lead to the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Circumvention of authentication. Remote co...

CVE-2022-35673

Adobe FrameMaker is affected by CVE-2022-35673 (and related) with an out-of-bounds read during parsing of crafted files, potentially enabling code execution in the user’s context. Affected are FrameMaker 2019 Update 8 and earlier and 2020 Update 4 and earlier. The vulnerability requires user inte...

CVE-2022-23203

Adobe Photoshop versions 22.5.4 and earlier and 23.1 and earlier are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victi...

CVE-2021-44521

When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...

CVE-2021-36050

XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file...

CVE-2021-28605 Adobe After Effects memory corruption could lead to arbitrary code execution

Adobe After Effects version 18.2 and earlier is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue...

CVE-2021-36009 Adobe Illustrator PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

Adobe Illustrator version 25.2.3 and earlier is affected by an memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue...

CVE-2021-35999 Adobe Prelude Memory Corruption Remote Code Execution Vulnerability

Adobe Prelude version 10.0 and earlier is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires...

CVE-2021-21277

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compileuserControlledInput" where "userControlledInput" is tex...

Access-Policy Code Execution Vulnerability

access-policy is an access policy encoder/parser. A security vulnerability exists in access-policy 3.1.0 and earlier versions, which originates when user input provided to the 'template' function is executed by the 'eval' function. An attacker could exploit this vulnerability to execute code...

SUSE-SU-2020:14266-1 Security update for apache2-mod_perl

This update for apache2-modperl fixes the following issues: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account bsc1156944...

Integer overflow

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661742...

Out-of-bounds

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117496180...

CVE-2019-2077

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114745929...

Out-of-bounds

In ihevcdparsebufferingperiodsei of ihevcdparseheaders.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2019-2126

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

CVE-2018-9527

In vorbisbookdecodevset of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...