5334 matches found
CVE-2022-39256 Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform t...
Ubuntu: Security Advisory (USN-5630-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5614-1)
The remote host is missing an update for the...
Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2022-79422)
Adobe InDesign is a set of typesetting and editing applications from Adobe, which is vulnerable to a heap buffer overflow that could be exploited to execute arbitrary code...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
USN-5613-1: Vim vulnerabilities
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943) It was discovered that Vim was using freed memory when dealing with regula...
Two Zero-day vulnerabilities in macOS BigSur
Summary: Apple addresses ten vulnerabilities, two of which are actively exploited. The vulnerabilities have been assigned CVE-2022-32917 and CVE-2022-32894 and could allow an attacker to execute arbitrary...
USN-5606-1: poppler vulnerability
It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Analytic Server [CVE-2022-33980]
Summary: There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. CVE-2022-33980. Vulnerability Details: CVEID: CVE-2022-33980. DESCRIPTION: Apache Commons Configuration could allow a remote attacker t...
Apple Mac OS X Security Update (HT212325)
Apple Mac OS X is prone to multiple vulnerabilities...
Google Chrome WebSQL Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 105.0.5195.52, which stems from a mix-up in instructions responsible for freeing memory in WebSQL. An attacker could exploit this vulnerability to...
Privilege escalation
An arbitrary file upload vulnerability in the component /phpaction/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-36582
An arbitrary file upload vulnerability in the component /phpaction/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Tenda AC1206 Buffer Overflow Vulnerability (CNVD-2022-78498)
Tenda AC1206 is a wireless pass-through gigabit router from Tenda, China. Tenda AC1206 version V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the formSetQosBand function. An attacker could exploit this vulnerability to overflow the buffer and...
Tenda AX180 Stack Overflow Vulnerability (CNVD-2022-78477)
Tenda AX1803 is a dual-band gigabit WIFI6 router from Tenda China. Tenda AX1803 is vulnerable to a stack overflow vulnerability caused by improper boundary checking in the fromSetRouteStatic function. An attacker could exploit this vulnerability to cause a buffer overflow and execute arbitrary cod...
Design/Logic Flaw
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted HTML file...
CVE-2021-41783
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...
CVE-2021-41781
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled...
CVE-2021-41783
CVE-2021-41783 affects Foxit PDF Reader before 11.1, Foxit PDF Editor before 11.1, and PhantomPDF before 10.1.6. The root cause is a use-after-free triggered by mishandling JavaScript, enabling attackers to potentially execute arbitrary code. The CVSS details in the initial document show a local ...
Ubuntu: Security Advisory (USN-4288-2)
The remote host is missing an update for the...