‼ CVE-2022-2085 ‼
via "National Vulnerability Database".
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.
‼ CVE-2022-29864 ‼
via "National Vulnerability Database".
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
‼ CVE-2022-30655 ‼
via "National Vulnerability Database".
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-30653 ‼
via "National Vulnerability Database".
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-30657 ‼
via "National Vulnerability Database".
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-32547 ‼
via "National Vulnerability Database".
In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
‼ CVE-2022-29866 ‼
via "National Vulnerability Database".
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.
‼ CVE-2022-30656 ‼
via "National Vulnerability Database".
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-30652 ‼
via "National Vulnerability Database".
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-27512 ‼
via "National Vulnerability Database".
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
‼ CVE-2022-30654 ‼
via "National Vulnerability Database".
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-32545 ‼
via "National Vulnerability Database".
A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
‼ CVE-2021-41487 ‼
via "National Vulnerability Database".
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
‼ CVE-2022-31464 ‼
via "National Vulnerability Database".
Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path.
‼ CVE-2022-31301 ‼
via "National Vulnerability Database".
Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component.
‼ CVE-2022-32546 ‼
via "National Vulnerability Database".
A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned long' at coders/pcl.c when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
‼ CVE-2022-31294 ‼
via "National Vulnerability Database".
An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.
🕴 Microsoft 365 Function Leaves SharePoint, OneDrive Files Open to Ransomware Attacks 🕴
via "Dark Reading".
SharePoint and OneDrive libraries can be encrypted in ransomware attack, researchers say.
🕴 BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield 🕴
via "Dark Reading".
Update allows BlastShield users to link with hybrid cloud network providers like AWS, Google, and the most recent addition, Azure, in one secure environment.
🕴 Internet Explorer Now Retired but Still an Attacker Target 🕴
via "Dark Reading".
Though the once-popular browser is officially now history as far as Microsoft support goes, adversaries won't stop attacking it, security experts say.
‼ CVE-2021-36608 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.