
5334 matches found

OpenVAS
added 2022/06/16 12:0 a.m. | 17 views

Ubuntu: Security Advisory (USN-5479-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 8.8 | EPSS 0.1024
Exploits: 3 | References: 2
Cvelist
added 2022/06/15 4:50 p.m. | 24 views

CVE-2022-32158 Splunk Enterprise deployment servers allow client publishing of forwarder bundles

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on a...

CVSS 9 | AI score 9.7 | EPSS 0.01224
Exploits: 0 | References: 2
OSV
added 2022/06/13 10:15 p.m. | 28 views

CVE-2022-32278

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server...

CVSS 8.8 | AI score 8.9
Exploits: 0 | References: 3
NVD
added 2022/06/02 2:15 p.m. | 11 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 8.8 | EPSS 0.00782
Exploits: 1 | References: 1
NVD
added 2022/06/02 2:15 p.m. | 15 views

CVE-2022-29624

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 8.8 | EPSS 0.00771
Exploits: 1 | References: 2
Prion
added 2022/06/02 2:15 p.m. | 11 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 6.5 | AI score 8.8 | EPSS 0.00771
Exploits: 1 | References: 2 | Affected Software: 1
UbuntuCve
added 2022/06/02 2:15 p.m. | 48 views

CVE-2022-1652

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the badflpintr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...

CVSS 7.8 | AI score 7.1 | EPSS 0.00748
Exploits: 0 | References: 14
IBM Security Bulletins
added 2022/06/02 1:24 p.m. | 67 views

Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos

Summary: IBM has provided explicit mitigation for the following Kerberos CVEs. DataPower did not previously provide the conditions necessary to exploit these CVEs. The explicit mitigations provided here protect against possible future changes that might have made them exploitable. Vulnerability...

CVSS 9 | AI score 9 | EPSS 0.05407
Exploits: 0 | Affected Software: 3
Ubuntu
added 2022/06/02 12:21 p.m. | 88 views

USN-5458-1: Vim vulnerabilities

It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when...

CVSS 8.4 | AI score 7.7 | EPSS 0.00562
Exploits: 9
OpenVAS
added 2022/06/01 12:0 a.m. | 34 views

Ubuntu: Security Advisory (USN-5443-2)

The remote host is missing an update for the...

CVSS 7.8 | AI score 8.2 | EPSS 0.00185
Exploits: 2 | References: 2
Cvelist
added 2022/05/31 1:31 p.m. | 10 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...

AI score 9 | EPSS 0.00782
Exploits: 1 | References: 1
Cvelist
added 2022/05/27 1:27 p.m. | 10 views

CVE-2022-30506

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file...

AI score 9.8 | EPSS 0.02652
Exploits: 1 | References: 1
CNVD
added 2022/05/25 12:0 a.m. | 14 views

Adobe Framemaker Out-of-Bounds Write Vulnerability (CNVD-2022-41732)

Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. A security vulnerability exists in Adobe Framemaker. An attacker can exploit the vulnerability to execute arbitrar...

CVSS 9.3 | AI score 7.6 | EPSS 0.03964
Exploits: 0 | References: 1
CNVD
added 2022/05/25 12:0 a.m. | 11 views

Adobe Framemaker Out-of-Bounds Write Vulnerability (CNVD-2022-41736)

Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. A security vulnerability exists in Adobe Framemaker. An attacker could exploit the vulnerability to execute...

CVSS 9.3 | AI score 7.5 | EPSS 0.03964
Exploits: 0 | References: 1
Github Security Blog
added 2022/05/24 7:10 p.m. | 20 views

Jeecg-Boot CMS arbitrary file upload vulnerability

An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code...

CVSS 9.8 | AI score 9.5 | EPSS 0.05875
Exploits: 1 | References: 3 | Affected Software: 1
Cloud Foundry
added 2022/05/23 12:0 a.m. | 59 views

USN-5342-1: Python vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu...

CVSS 7.5 | AI score 7.7 | EPSS 0.01214
Exploits: 1 | Affected Software: 3
RedhatCVE
added 2022/05/20 11:25 p.m. | 39 views

CVE-2021-23165

A flaw was found in htmldoc before v1.9.12. A heap buffer overflow in pspdfprepareoutpages in ps-pdf.cxx may lead to arbitrary code execution and denial of service...

CVSS 10 | AI score 2.4 | EPSS 0.00405
Exploits: 1 | References: 1
Redos
added 2022/05/18 12:0 a.m. | 52 views

ROS-20220518-03

A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow a remote attacker to consume all available system resources and cause denial of service conditions. A vulnerability...

CVSS 9.8 | AI score 8.5 | EPSS 0.01612
Exploits: 1
Github Security Blog
added 2022/05/17 5:44 a.m. | 30 views

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code

The validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted dataTokenfields value that is processed by the unserialize function, as demonstrated by...

CVSS 7.5 | AI score 7.8 | EPSS 0.82639
Exploits: 3 | References: 9 | Affected Software: 1
OSV
added 2022/05/17 12:18 a.m. | 11 views

GHSA-HGR8-G756-VMG9 Zeta Components Mail Arbitrary code execution via a crafted email address

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

CVSS 8.1 | AI score 8.1 | EPSS 0.16457
Exploits: 3 | References: 9