
748 matches found

Tenable Nessus
added 2022/05/06 12:00 a.m. | 30 views

Debian DLA-2995-1 : smarty3 - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2995 advisory. Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a...

CVSS 8.8 | AI score 7 | EPSS 0.0222
Exploits 0 | References 8

BDU FSTEC
added 2022/04/08 12:00 a.m. | 4 views

The vulnerability of the corporate platform Microsoft Teams, related to errors in information presentation by the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of the corporate platform Microsoft Teams is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using specially crafted URLs...

CVSS 6.5 | AI score 5.5
Exploits 0 | References 1

OpenVAS
added 2022/04/03 12:00 a.m. | 7 views

Fedora: Security Advisory for patat (FEDORA-2022-1f981071eb)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.6 | EPSS 0.04192
Exploits 3 | References 2

BDU FSTEC
added 2022/03/28 12:00 a.m. | 6 views

A vulnerability in WPS Presentation, the presentation application of the WPS Office software package, arises from the loading of a non-existent dynamic library. This allows an attacker to escalate their privileges and execute arbitrary code.

The vulnerability in WPS Presentation, the presentation application of the WPS Office software package, is related to the loading of a non-existent dynamic library, d3dx9_41.dll. Exploiting this vulnerability can allow an attacker to elevate their privileges and execute arbitrary code...

CVSS 7.8 | AI score 7.5 | EPSS 0.00609
Exploits 0 | References 5 | Affected Software 2

BDU FSTEC
added 2022/03/28 12:00 a.m. | 5 views

The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to perform spear-phishing attacks.

The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

CVSS 3.5 | AI score 7.2 | EPSS 0.01416
Exploits 0 | References 3

BDU FSTEC
added 2022/03/21 12:00 a.m. | 5 views

The vulnerability of the Microsoft SharePoint software package, related to errors in information presentation on the user interface, allows a hacker to perform a spoofing attack.

The vulnerability of the Microsoft SharePoint software is related to errors in information presentation at the user interface level. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...

CVSS 7.6 | AI score 6.7 | EPSS 0.01227
Exploits 0 | References 2

BDU FSTEC
added 2022/03/18 12:00 a.m. | 5 views

The vulnerability of the Microsoft Dynamics 365 resource planning software, related to errors in the user interface’s information presentation, allows a perpetrator to carry out spear-phishing attacks.

The vulnerability of the Microsoft Dynamics 365 resource planning software is related to errors in information presentation at the user interface level. Exploiting this vulnerability allows an attacker to perform spear-phishing attacks remotely...

CVSS 7.6 | AI score 6.4 | EPSS 0.01506
Exploits 0 | References 3

ATTACKERKB
added 2022/03/17 6:15 p.m. | 3 views

CVE-2022-26511

WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading)...

CVSS 7.8 | AI score 7.1 | EPSS 0.00609
Exploits 0 | References 3

NVD
added 2022/03/17 6:15 p.m. | 14 views

CVE-2022-26511

WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading)...

CVSS 7.8 | EPSS 0.00609
Exploits 0 | References 2

OSV
added 2022/03/17 6:15 p.m. | 2 views

CVE-2022-26511

WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading)...

CVSS 7.8 | AI score 7.1 | EPSS 0.00609
Exploits 0 | References 2

Prion
added 2022/03/17 6:15 p.m. | 16 views

Directory traversal

WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading)...

CVSS 6.8 | AI score 7.6 | EPSS 0.00609
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/03/17 5:16 p.m. | 109 views

CVE-2022-26511

CVE-2022-26511 affects WPS Presentation 11.8.0.5745 where DLL loading is insecure: it loads d3dx9_41.dll from the current directory when opening .pps files, enabling potential arbitrary code execution. Affected product: KINGSOFT WPS Presentation (part of WPS Office). Root cause: insecure DLL load...

CVSS 7.8 | AI score 7.6 | EPSS 0.00609
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/03/17 5:16 p.m. | 23 views

CVE-2022-26511

WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading)...

AI score 7.8 | EPSS 0.00609
Exploits 0 | References 2

CNNVD
added 2022/03/16 12:00 a.m. | 3 views

KINGSOFT WPS Presentation code issue vulnerability

KINGSOFT WPS Presentation is an application from the Chinese company KINGSOFT. It is used to create presentations. A code issue vulnerability exists in KINGSOFT WPS Presentation version 11.8.0.5745, which stems from the application loading DLL libraries in an insecure manner. A remote attacker...

CVSS 7.8 | AI score 8.2 | EPSS 0.00609
Exploits 0 | References 4

BDU FSTEC
added 2022/03/16 12:00 a.m. | 4 views

The vulnerability in the implementation of the Windows Authenticode signature technology of the Microsoft Windows operating system allows attackers to perform spoofing attacks.

The vulnerability of the Authenticode signature technology implemented in Microsoft Windows operating systems is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

CVSS 3.3 | AI score 6.2 | EPSS 0.01137
Exploits 0 | References 3

Talos
added 2022/02/28 12:00 a.m. | 83 views

MZ Automation GmbH libiec61850 parseNormalModeParameters denial of service vulnerability

Summary: A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this...

CVSS 7.5 | AI score 7.5 | EPSS 0.01746
Exploits 1

BDU FSTEC
added 2022/02/25 12:00 a.m. | 5 views

The vulnerability of the software package for accounting or resource planning of Microsoft Dynamics GP, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of the software package for accounting or resource planning of Microsoft Dynamics GP involves information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...

CVSS 7.5 | AI score 6.6 | EPSS 0.01125
Exploits 0 | References 3

BDU FSTEC
added 2022/02/25 12:00 a.m. | 5 views

The vulnerability of the Azure Data Explorer data analysis service, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of the Azure Data Explorer data analysis service is related to errors in information representation by the user interface. Exploiting this vulnerability may allow attackers to perform spear-phishing attacks remotely...

CVSS 8.8 | AI score 6.7 | EPSS 0.01506
Exploits 0 | References 3

ATTACKERKB
added 2022/02/19 4:15 a.m. | 5 views

CVE-2022-24980

An issue was discovered in the Kitodo.Presentation aka dif extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...

CVSS 7.5 | AI score 5.9 | EPSS 0.01182
Exploits 0 | References 3

CNNVD
added 2022/02/15 12:00 a.m. | 5 views

Kitodo Presentation code issue vulnerability

Kitodo Presentation is a feature-rich framework for building METS or IIIF-based digital libraries. A code issue vulnerability exists in Kitodo Presentation that stems from the product's failure to adequately validate user-supplied input in eID scripts. A remote attacker could use this vulnerabili...

CVSS 7.5 | AI score 7.6 | EPSS 0.01182
Exploits 0 | References 5