4202 matches found
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
...
Microsoft Excel Security Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...
PT-2022-22253 · Mealie · Mealie
Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows attackers to execute arbitrary code via a crafted Jinja2 template. This is a result of a Server-Side Template Injection vulnerability. Recommendations: For Mealie version 1.0.0beta3, at...
PT-2022-19119 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1
Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 (iLO 5) versions prior to 2.71 Description: A local arbitrary code execution issue was discovered, allowing an unprivileged user to execute arbitrary code, resulting in a complete loss of confidentiality and integrit...
SUSE-SU-2022:2524-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 bsc1201221: - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted....
CVE-2022-34634
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather than creating an exception...
CVE-2022-34243 Adobe Photoshop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability
Adobe Photoshop versions 22.5.7 and earlier and 23.3.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2022-34215 Adobe Acrobat Reader DC Annotation Polygon Out-Of-Bounds Read Remote Code Execution Vulnerability
Adobe Acrobat Reader versions 22.001.20142 and earlier, 20.005.30334 and earlier and 17.012.30229 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage thi...
Vulnerability fixed in ManageEngine ADAudit Plus
ManageEngine has fixed a vulnerability in ADAudit Plus. An unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the system on which ADAudit Plus is installed. Horizon researchers have published a write-up and proof-of-concept code. They indicate...
CVE-2022-32585
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2021-40643
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make...
Robustel R1510 Security Vulnerability
Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to a command execution vulnerability that could be exploited by an attacker to send specially crafted network requests leading to arbitrary command execution...
NeoRS Access Control Error Vulnerability
Douzone Bizon NeoRS is a remote support service from Douzone Bizon in Korea. A remote PC can be accessed and controlled from anywhere, at any time, through a remote support site. A security vulnerability exists in NeoRS versions prior to 2021.3.10.1, which originates from an origin authentication error...
CVE-2022-20202
In ih264resitransquant4x4sse42 of ih264resitransquantsse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions...
CVE-2022-29095
Dell SupportAssist Client Consumer versions 3.10.4 and prior and Dell SupportAssist Client Commercial versions 3.1.1 and prior contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to...
Security Updates for Microsoft Word Products C2R (September 2020)
The Microsoft Word Products are missing a security update. It is, therefore, affected by the following vulnerability: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the...
Command execution vulnerability in JGraph drawio-desktop
drawio-desktop is an Electron-based diagramming and whiteboarding desktop application. A command execution vulnerability exists in JGraph drawio-desktop that can be exploited by an attacker to cause code execution...
ID Withdrawn
Laravel is a PHP web development framework. A command execution vulnerability exists in Laravel that can be exploited by an attacker to perform remote code execution (RCE)...
Google Android Security Vulnerability
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android has a code execution vulnerability that could be exploited by attackers to execute arbitrary code on the system...
Hardcoded credentials
UNSUPPORTED WHEN ASSIGNED D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php...