2841 matches found

Vulnrichment
added 2022/09/22 9:29 p.m. · 4 views

CVE-2022-40087

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.2 AI score · 0.01323 EPSS
Exploits: 1 · References: 3
CNVD
added 2022/09/21 12:0 a.m. · 7 views

Democritus Project d8s-dicts Code Execution Vulnerability

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A code execution vulnerability exists in Democritus Project version 0.1.0, which stems from a potential code execution backdoor in d8s-dicts inserted by a third party, which...

9.8 CVSS · 7.8 AI score · 0.00965 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2022/09/20 8:1 p.m. · 3 views

CVE-2022-28640

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated...

8.8 AI score · 0.00488 EPSS
Exploits: 0 · References: 1
Cvelist
added 2022/09/20 8:1 p.m. · 16 views

CVE-2022-28640

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated...

8.9 AI score · 0.00488 EPSS
Exploits: 0 · References: 1
OSV
added 2022/09/19 4:15 p.m. · 3 views

PYSEC-2022-43122

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8 CVSS · 7.2 AI score
Exploits: 0 · References: 3
OSV
added 2022/09/19 4:15 p.m. · 3 views

PYSEC-2022-43119

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

9.8 CVSS · 7.2 AI score
Exploits: 0 · References: 3
Vulnrichment
added 2022/09/16 5:20 p.m. · 7 views

CVE-2022-38417 Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context...

7.8 CVSS · 7.5 AI score · 0.00376 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2022/09/16 5:20 p.m. · 7 views

CVE-2022-38414 Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8 CVSS · 7.7 AI score · 0.00448 EPSS
Exploits: 0 · References: 1
IBM Security Bulletins
added 2022/09/14 3:2 p.m. · 23 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-1567)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have...

9.4 AI score · 0.04236 EPSS
Exploits: 0 · Affected Software: 9
Zero Day Initiative
added 2022/09/14 12:0 a.m. · 15 views

(0Day) Ansys SpaceClaim JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...

7 CVSS · 5.2 AI score · 0.00414 EPSS
Exploits: 0
NVD
added 2022/09/13 7:15 p.m. · 14 views

CVE-2022-38011

Raw Image Extension Remote Code Execution Vulnerability...

7.3 CVSS · 0.00784 EPSS
Exploits: 0 · References: 2
NVD
added 2022/09/13 7:15 p.m. · 27 views

CVE-2022-34733

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

8.8 CVSS · 0.01711 EPSS
Exploits: 0 · References: 1
OSV
added 2022/09/06 12:0 a.m. · 5 views

CVE-2022-36040 Rizin Out-of-bounds Write vulnerability in pyc/marshal.c

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC (Python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code ...

7.8 CVSS · 7.7 AI score · 0.0036 EPSS
Exploits: 0 · References: 7
NVD
added 2022/08/17 8:15 p.m. · 14 views

CVE-2022-36216

DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in membertoadmin.php...

7.2 CVSS · 0.01717 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2022/08/11 12:0 a.m. · 2 views

PT-2022-14551 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version 13 Description: In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS · 7.8 AI score · 0.00102 EPSS
Exploits: 0 · References: 3
NVD
added 2022/08/09 8:15 p.m. · 23 views

CVE-2022-35804

SMB Client and Server Remote Code Execution Vulnerability...

8.8 CVSS · 0.02323 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2022/08/09 7:57 p.m. · 5 views

CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

...

8.1 CVSS · 8.1 AI score · 0.01424 EPSS
Exploits: 0 · References: 1
CNNVD
added 2022/08/09 12:0 a.m. · 4 views

Microsoft Excel Security Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...

7.8 CVSS · 6.6 AI score · 0.00774 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2022/08/02 12:0 a.m. · 3 views

PT-2022-22253 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows attackers to execute arbitrary code via a crafted Jinja2 template. This is a result of a Server-Side Template Injection vulnerability. Recommendations: For Mealie version 1.0.0beta3, at...

7.2 CVSS · 7.3 AI score · 0.02186 EPSS
Exploits: 1 · References: 7
Positive Technologies
added 2022/07/28 12:0 a.m. · 4 views

PT-2022-19119 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1

Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 iLO 5 versions prior to 2.71 Description: A local arbitrary code execution issue was discovered, allowing an unprivileged user to execute arbitrary code, resulting in a complete loss of confidentiality and integrit...

7.3 CVSS · 7.8 AI score · 0.00229 EPSS
Exploits: 0 · References: 4