394 matches found

Zero Day Initiative
added 2022/11/15 12:0 a.m., 18 views

Parse Server buildUpdatedObject Prototype Pollution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the buildUpdatedObject function. The issue results from the lack of control over modifications ...

7.2 CVSS, 5 AI score, 0.00542 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2022/11/03 12:0 a.m., 19 views

SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

5.3 CVSS, 4.4 AI score, 0.01765 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2022/10/26 12:0 p.m., 50 views

Insufficient validation when decoding a Socket.IO packet

Due to improper type validation in the socket.io-parser library which is used by the socket.io and socket.io-client packages to encode and decode Socket.IO packets, it is possible to overwrite the placeholder object which allows an attacker to place references to functions at arbitrary places in...

10 CVSS, 0.2 AI score, 0.0084 EPSS
Exploits: 0, References: 10, Affected Software: 1
Zero Day Initiative
added 2022/10/14 12:0 a.m., 20 views

Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8 CVSS, 4.2 AI score, 0.00334 EPSS
Exploits: 0, References: 1
Cvelist
added 2022/09/30 4:21 a.m., 20 views

CVE-2022-41844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088...

5.9 AI score, 0.00066 EPSS
Exploits: 1, References: 3
UbuntuCve
added 2022/09/30 12:0 a.m., 29 views

CVE-2022-41844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088...

5.5 CVSS, 6.8 AI score, 0.00066 EPSS
Exploits: 1, References: 4
Zero Day Initiative
added 2022/09/19 12:0 a.m., 22 views

Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

3.3 CVSS, 2.8 AI score, 0.00313 EPSS
Exploits: 0, References: 1
Prion
added 2022/09/15 4:15 p.m., 14 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

4.4 CVSS, 7.8 AI score, 0.0021 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2022/08/16 9:15 p.m., 11 views

CVE-2022-38236

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObjObject at /xpdf/Lexer.cc...

7.8 CVSS, 0.00052 EPSS
Exploits: 1, References: 1
UbuntuCve
added 2022/08/16 9:15 p.m., 26 views

CVE-2022-38236

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObjObject at /xpdf/Lexer.cc...

7.8 CVSS, 7.1 AI score, 0.00052 EPSS
Exploits: 1, References: 2
UbuntuCve
added 2022/08/16 9:15 p.m., 21 views

CVE-2022-38234

XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObjObject at /xpdf/Lexer.cc...

5.5 CVSS, 6.1 AI score, 0.00047 EPSS
Exploits: 1, References: 2
Cvelist
added 2022/08/16 8:13 p.m., 17 views

CVE-2022-38234

XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObjObject at /xpdf/Lexer.cc...

5.8 AI score, 0.00047 EPSS
Exploits: 1, References: 1
Zero Day Initiative
added 2022/08/05 12:0 a.m., 39 views

Foxit PDF Reader AcroForm deletePages Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8 CVSS, 2.1 AI score, 0.02012 EPSS
Exploits: 0, References: 1
Fedora
added 2022/08/03 1:49 a.m., 36 views

[SECURITY] Fedora 35 Update: ceph-16.2.10-1.fc35

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage...

9.1 CVSS, 9.3 AI score, 0.00223 EPSS
Exploits: 0
OpenVAS
added 2022/07/21 12:0 a.m., 7 views

Fedora: Security Advisory for ceph (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the ...

7.5 AI score
Exploits: 0, References: 2
Fedora
added 2022/07/20 1:40 a.m., 8 views

[SECURITY] Fedora 35 Update: ceph-16.2.9-3.fc35

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage...

7.3 AI score
Exploits: 0
Zero Day Initiative
added 2022/07/13 12:0 a.m., 27 views

Adobe Acrobat Reader DC AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

7.8 CVSS, 2.4 AI score, 0.00993 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2022/07/12 12:0 a.m., 35 views

Microsoft Windows win32kfull UMPDDrvGradientFill Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8 CVSS, 5.6 AI score, 0.00645 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2022/05/24 5:37 p.m., 14 views

shvl vulnerable to prototype pollution

Overview: Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Details: The NPM module 'shvl' can be abused by Prototype Pollution vulnerability since the function 'set' did not check for the...

9.8 CVSS, 7.8 AI score, 0.02883 EPSS
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2022/05/17 1:36 a.m., 18 views

GHSA-7W53-HFPW-RG3G Symfony Arbitrary PHP code Execution

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allow remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

7.5 CVSS, 7.1 AI score, 0.00619 EPSS
Exploits: 0, References: 8