Adobe Framemaker Out-of-Bounds Write Vulnerability (CNVD-2022-41736)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A security vulnerability exists in Adobe Framemaker. An attacker could exploit the vulnerability to execute...

Jeecg-Boot CMS arbitrary file upload vulnerability

An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code...

USN-5342-1: Python vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu...

CVE-2021-23165

A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdfprepareoutpages, in ps-pdf.cxx may lead to execute arbitrary code and denial of service...

ROS-20220518-03

A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions A vulnerability...

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code

The validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted dataTokenfields value that is processed by the unserialize function, as demonstrated by...

GHSA-HGR8-G756-VMG9 Zeta Components Mail Arbitrary code execution via a crafted email address

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...

Canonical Apport 安全特征问题漏洞

Canonical Apport is a toolkit from Canonical UK for collecting and feeding back error messages information that the operating system finds useful when an application crashes. Canonical Apport suffers from a security signature issue vulnerability that stems from a system where Apport does not...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

CVE-2022-29354

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-29623

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

Google Chrome Security Update (stable-channel-update-for-desktop_10-2022-05) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Google Chrome Security Update (stable-channel-update-for-desktop_10-2022-05) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Google Chrome Security Update (stable-channel-update-for-desktop_10-2022-05) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVE-2020-22986

Cross-Site Scripting XSS vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task...

Sql injection

A Server Side Template Injection SSTI vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/...