Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE
#sql#vulnerability#web#mac#windows#apple#microsoft#linux#cisco#dos#apache#js#git#java#oracle#wordpress#intel#c++#rce#perl#ldap#nginx#samba#ssrf#pdf#vmware#buffer_overflow#hard_coded_credentials#samsung#auth#zero_day#docker#firefox#sap#ssl

ZDI-22-1440 ZDI-CAN-16973 Siemens CVE-2022-41851 7.8 Oct. 17, 2022 Siemens Simcenter Femap JT File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1439 ZDI-CAN-18621 Adobe CVE-2022-38446 7.8 Oct. 14, 2022 Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1438 ZDI-CAN-15154 Altair CVE-2022-2951 7.8 Oct. 14, 2022 Altair HyperView Player H3D File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-1437 ZDI-CAN-14891 Altair CVE-2022-2950 7.8 Oct. 14, 2022 Altair HyperView Player H3D File Parsing Uninitialized Memory Remote Code Execution Vulnerability ZDI-22-1436 ZDI-CAN-14889 Altair CVE-2022-2949 7.8 Oct. 14, 2022 Altair HyperView Player H3D File Parsing Uninitialized Memory Remote Code Execution Vulnerability ZDI-22-1435 ZDI-CAN-14888 Altair CVE-2022-2947 7.8 Oct. 14, 2022 Altair HyperView Player H3D File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-1434 ZDI-CAN-16929 Adobe CVE-2022-38418 8.1 Oct. 14, 2022 Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability ZDI-22-1433 ZDI-CAN-16884 Adobe CVE-2022-38421 6.6 Oct. 14, 2022 Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability ZDI-22-1432 ZDI-CAN-16886 Adobe CVE-2022-38424 6.7 Oct. 14, 2022 Adobe ColdFusion Application Server Directory Traversal Arbitrary File Disclosure Or Deletion Vulnerability ZDI-22-1431 ZDI-CAN-18262 Adobe CVE-2022-42342 3.3 Oct. 14, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1430 ZDI-CAN-18538 Adobe CVE-2022-38449 3.3 Oct. 14, 2022 Adobe Acrobat Reader DC JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1429 ZDI-CAN-18616 Adobe CVE-2022-38441 7.8 Oct. 14, 2022 Adobe Dimension GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1428 ZDI-CAN-18615 Adobe CVE-2022-38443 3.3 Oct. 14, 2022 Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1427 ZDI-CAN-18625 Adobe CVE-2022-38442 7.8 Oct. 14, 2022 Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1426 ZDI-CAN-18624 Adobe CVE-2022-38447 7.8 Oct. 14, 2022 Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1425 ZDI-CAN-18622 Adobe CVE-2022-38445 7.8 Oct. 14, 2022 Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1424 ZDI-CAN-18620 Adobe CVE-2022-38448 7.8 Oct. 14, 2022 Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1423 ZDI-CAN-18617 Adobe CVE-2022-38440 7.8 Oct. 14, 2022 Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1422 ZDI-CAN-18623 Adobe CVE-2022-38444 7.8 Oct. 14, 2022 Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1421 ZDI-CAN-16898 Adobe CVE-2022-35710 9.8 Oct. 14, 2022 Adobe ColdFusion ODBC Server Memory Corruption Remote Code Execution Vulnerability ZDI-22-1420 ZDI-CAN-16892 Adobe CVE-2022-38423 4.4 Oct. 14, 2022 Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability ZDI-22-1419 ZDI-CAN-16883 Adobe CVE-2022-38422 5.3 Oct. 14, 2022 Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability ZDI-22-1418 ZDI-CAN-16921 Adobe CVE-2022-38420 6.5 Oct. 14, 2022 Adobe ColdFusion Admin Component Use of Hard-coded Credentials Authentication Bypass Vulnerability ZDI-22-1417 ZDI-CAN-16901 Adobe CVE-2022-35712 9.8 Oct. 14, 2022 Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1416 ZDI-CAN-16900 Adobe CVE-2022-35690 9.8 Oct. 14, 2022 Adobe ColdFusion ODBC Agent Memory Corruption Remote Code Execution Vulnerability ZDI-22-1415 ZDI-CAN-16899 Adobe CVE-2022-35711 9.8 Oct. 14, 2022 Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1414 ZDI-CAN-16885 Adobe CVE-2022-38419 5.9 Oct. 14, 2022 Adobe ColdFusion Solr Service XML External Entity Processing Information Disclosure Vulnerability ZDI-22-1413 ZDI-CAN-18149 Microsoft CVE-2022-37989 7.8 Oct. 14, 2022 Microsoft Windows CSRSS Local Privilege Escalation Vulnerability ZDI-22-1412 ZDI-CAN-18004 Microsoft CVE-2022-37997 8.8 Oct. 14, 2022 Microsoft Windows win32kfull UMPD Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-1411 ZDI-CAN-17647 Microsoft CVE-2022-38048 7.8 Oct. 14, 2022 Microsoft Word DOCX File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1410 ZDI-CAN-17847 Microsoft CVE-2022-37987 7.8 Oct. 14, 2022 Microsoft Windows CSRSS DosDevices Local Privilege Escalation Vulnerability ZDI-22-1409 ZDI-CAN-17358 Microsoft CVE-2022-37986 5.3 Oct. 14, 2022 Microsoft Windows User-Mode Print Driver Insufficient Message Authentication Local Privilege Escalation Vulnerability ZDI-22-1408 ZDI-CAN-17576 Microsoft CVE-2022-38044 7.7 Oct. 14, 2022 Microsoft Windows CDFS Integer Overflow Remote Code Execution Vulnerability ZDI-22-1407 ZDI-CAN-17544 Tesla CVE-2022-42431 8.8 Oct. 7, 2022 Tesla bcmdhd Buffer Overflow Privilege Escalation Vulnerability ZDI-22-1406 ZDI-CAN-17543 Tesla CVE-2022-42430 8.8 Oct. 7, 2022 Tesla wowlan_config Use-After-Free Privilege Escalation Vulnerability ZDI-22-1405 ZDI-CAN-18902 Linux 2.8 Oct. 7, 2022 Linux Kernel IPv4 FIB Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1404 ZDI-CAN-16518 Trend Micro CVE-2022-41744 7.8 Oct. 7, 2022 Trend Micro Apex One Vulnerability Protection Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability ZDI-22-1403 ZDI-CAN-18013 Trend Micro CVE-2022-41746 9.1 Oct. 7, 2022 Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability ZDI-22-1402 ZDI-CAN-16923 Trend Micro CVE-2022-41747 7.8 Oct. 7, 2022 Trend Micro Apex One Security Agent Improper Certificate Validation Local Privilege Escalation Vulnerability ZDI-22-1401 ZDI-CAN-17542 Trend Micro CVE-2022-41745 7.0 Oct. 7, 2022 Trend Micro Apex One Security Agent Out-Of-Bounds Access Local Privilege Escalation Vulnerability ZDI-22-1400 ZDI-CAN-17084 Trend Micro CVE-2022-41749 7.8 Oct. 7, 2022 Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability ZDI-22-1399 ZDI-CAN-18410 Centreon CVE-2022-42428 7.2 Oct. 7, 2022 Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability ZDI-22-1398 ZDI-CAN-18541 Centreon CVE-2022-42427 7.2 Oct. 7, 2022 Centreon Contact Group SQL Injection Privilege Escalation Vulnerability ZDI-22-1397 ZDI-CAN-18554 Centreon CVE-2022-42426 7.2 Oct. 7, 2022 Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability ZDI-22-1396 ZDI-CAN-18555 Centreon CVE-2022-42425 7.2 Oct. 7, 2022 Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability ZDI-22-1395 ZDI-CAN-18556 Centreon CVE-2022-42424 7.2 Oct. 7, 2022 Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability ZDI-22-1394 ZDI-CAN-18557 Centreon CVE-2022-42429 7.2 Oct. 7, 2022 Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability ZDI-22-1393 ZDI-CAN-18703 PDF-XChange CVE-2022-42421 7.8 Oct. 7, 2022 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1392 ZDI-CAN-18893 PDF-XChange CVE-2022-42394 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1391 ZDI-CAN-18892 PDF-XChange CVE-2022-42403 7.8 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1390 ZDI-CAN-18716 PDF-XChange CVE-2022-42423 7.8 Oct. 7, 2022 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1389 ZDI-CAN-18700 PDF-XChange CVE-2022-42419 7.8 Oct. 7, 2022 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1388 ZDI-CAN-18686 PDF-XChange CVE-2022-42420 7.8 Oct. 7, 2022 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1387 ZDI-CAN-18677 PDF-XChange CVE-2022-42418 7.8 Oct. 7, 2022 PDF-XChange Editor TIF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1386 ZDI-CAN-18676 PDF-XChange CVE-2022-42417 7.8 Oct. 7, 2022 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1385 ZDI-CAN-18673 PDF-XChange CVE-2022-42416 7.8 Oct. 7, 2022 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1384 ZDI-CAN-18662 PDF-XChange CVE-2022-42393 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1383 ZDI-CAN-18661 PDF-XChange CVE-2022-42392 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1382 ZDI-CAN-18660 PDF-XChange CVE-2022-42391 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1381 ZDI-CAN-18659 PDF-XChange CVE-2022-42390 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1380 ZDI-CAN-18658 PDF-XChange CVE-2022-42389 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1379 ZDI-CAN-18657 PDF-XChange CVE-2022-42388 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1378 ZDI-CAN-18656 PDF-XChange CVE-2022-42387 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1377 ZDI-CAN-18655 PDF-XChange CVE-2022-42386 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1376 ZDI-CAN-18654 PDF-XChange CVE-2022-42385 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1375 ZDI-CAN-18653 PDF-XChange CVE-2022-42384 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1374 ZDI-CAN-18652 PDF-XChange CVE-2022-42383 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1373 ZDI-CAN-18651 PDF-XChange CVE-2022-42382 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1372 ZDI-CAN-18650 PDF-XChange CVE-2022-42381 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1371 ZDI-CAN-18649 PDF-XChange CVE-2022-42380 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1370 ZDI-CAN-18648 PDF-XChange CVE-2022-42379 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1369 ZDI-CAN-18632 PDF-XChange CVE-2022-42402 7.8 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1368 ZDI-CAN-18631 PDF-XChange CVE-2022-42378 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1367 ZDI-CAN-18630 PDF-XChange CVE-2022-42377 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-1366 ZDI-CAN-18543 PDF-XChange CVE-2022-42408 3.3 Oct. 7, 2022 PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-1365 ZDI-CAN-18542 PDF-XChange CVE-2022-42407 3.3 Oct. 7, 2022 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1364 ZDI-CAN-18533 PDF-XChange CVE-2022-42401 3.3 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1363 ZDI-CAN-18529 PDF-XChange CVE-2022-42376 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1362 ZDI-CAN-18404 PDF-XChange CVE-2022-42375 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1361 ZDI-CAN-18403 PDF-XChange CVE-2022-42374 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1360 ZDI-CAN-18402 PDF-XChange CVE-2022-42373 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1359 ZDI-CAN-18369 PDF-XChange CVE-2022-42406 3.3 Oct. 7, 2022 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1358 ZDI-CAN-18368 PDF-XChange CVE-2022-42413 3.3 Oct. 7, 2022 PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1357 ZDI-CAN-18367 PDF-XChange CVE-2022-42405 7.8 Oct. 7, 2022 PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1356 ZDI-CAN-18366 PDF-XChange CVE-2022-42415 7.8 Oct. 7, 2022 PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1355 ZDI-CAN-18365 PDF-XChange CVE-2022-42410 7.8 Oct. 7, 2022 PDF-XChange Editor PGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1354 ZDI-CAN-18347 PDF-XChange CVE-2022-42372 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1353 ZDI-CAN-18346 PDF-XChange CVE-2022-42371 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1352 ZDI-CAN-18345 PDF-XChange CVE-2022-42370 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1351 ZDI-CAN-18344 PDF-XChange CVE-2022-42369 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1350 ZDI-CAN-18343 PDF-XChange CVE-2022-41153 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1349 ZDI-CAN-18342 PDF-XChange CVE-2022-41152 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1348 ZDI-CAN-18341 PDF-XChange CVE-2022-41151 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1347 ZDI-CAN-18340 PDF-XChange CVE-2022-41150 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1346 ZDI-CAN-18339 PDF-XChange CVE-2022-41149 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1345 ZDI-CAN-18338 PDF-XChange CVE-2022-41148 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1344 ZDI-CAN-18328 PDF-XChange CVE-2022-42400 7.8 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1343 ZDI-CAN-18327 PDF-XChange CVE-2022-42399 7.8 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1342 ZDI-CAN-18326 PDF-XChange CVE-2022-42414 3.3 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-1341 ZDI-CAN-18324 PDF-XChange CVE-2022-42412 3.3 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1340 ZDI-CAN-18315 PDF-XChange CVE-2022-42409 3.3 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1339 ZDI-CAN-18307 PDF-XChange CVE-2022-42398 3.3 Oct. 7, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1338 ZDI-CAN-18306 PDF-XChange CVE-2022-42411 3.3 Oct. 7, 2022 PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1337 ZDI-CAN-18286 PDF-XChange CVE-2022-41147 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1336 ZDI-CAN-18284 PDF-XChange CVE-2022-41146 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1335 ZDI-CAN-18283 PDF-XChange CVE-2022-41145 3.3 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1334 ZDI-CAN-18282 PDF-XChange CVE-2022-41144 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1333 ZDI-CAN-18279 PDF-XChange CVE-2022-42397 3.3 Oct. 7, 2022 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1332 ZDI-CAN-18278 PDF-XChange CVE-2022-42396 7.8 Oct. 7, 2022 PDF-XChange Editor XPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1331 ZDI-CAN-18274 PDF-XChange CVE-2022-42395 7.8 Oct. 7, 2022 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1330 ZDI-CAN-18273 PDF-XChange CVE-2022-42404 3.3 Oct. 7, 2022 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1329 ZDI-CAN-18225 PDF-XChange CVE-2022-41143 7.8 Oct. 7, 2022 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1328 ZDI-CAN-18357 Apache CVE-2022-38398 7.5 Oct. 4, 2022 Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability ZDI-22-1327 ZDI-CAN-18356 Apache CVE-2022-40146 8.1 Oct. 4, 2022 Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability ZDI-22-1326 ZDI-CAN-18304 Centreon CVE-2022-41142 7.2 Oct. 3, 2022 Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability ZDI-22-1325 ZDI-CAN-17666 SolarWinds CVE-2022-36961 8.8 Sept. 30, 2022 SolarWinds Network Performance Monitor UpdateActionsDescriptions SQL Injection Privilege Escalation Vulnerability ZDI-22-1324 ZDI-CAN-16216 Microsoft CVE-2022-34691 8.4 Sept. 29, 2022 Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability ZDI-22-1323 ZDI-CAN-15575 GE 7.8 Sept. 29, 2022 (0Day) GE CIMPLICITY CIM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1322 ZDI-CAN-15574 GE 7.8 Sept. 29, 2022 (0Day) GE CIMPLICITY CIM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1321 ZDI-CAN-15573 GE 7.8 Sept. 29, 2022 (0Day) GE CIMPLICITY CIM File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1320 ZDI-CAN-15572 GE 7.8 Sept. 29, 2022 (0Day) GE CIMPLICITY CIM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1319 ZDI-CAN-15571 GE 7.8 Sept. 29, 2022 (0Day) GE CIMPLICITY CIM File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1318 ZDI-CAN-17658 Autodesk CVE-2022-33886 7.8 Sept. 29, 2022 Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1317 ZDI-CAN-17657 Autodesk CVE-2022-33886 7.8 Sept. 29, 2022 Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1316 ZDI-CAN-17348 Autodesk CVE-2022-33884 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1315 ZDI-CAN-17154 Autodesk CVE-2022-33884 3.3 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1314 ZDI-CAN-17350 Autodesk CVE-2022-33884 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1313 ZDI-CAN-17151 Autodesk CVE-2022-33885 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1312 ZDI-CAN-17146 Autodesk CVE-2022-33885 7.8 Sept. 29, 2022 Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1311 ZDI-CAN-17158 Autodesk CVE-2022-33884 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1310 ZDI-CAN-17159 Autodesk CVE-2022-33885 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1309 ZDI-CAN-17451 Autodesk CVE-2022-33885 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1308 ZDI-CAN-17421 Autodesk CVE-2022-33884 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1307 ZDI-CAN-17455 Autodesk CVE-2022-33885 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1306 ZDI-CAN-17415 Autodesk CVE-2022-33887 7.8 Sept. 29, 2022 Autodesk AutoCAD PDF File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-1305 ZDI-CAN-17437 Autodesk CVE-2022-33885 7.8 Sept. 29, 2022 Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1304 ZDI-CAN-17416 Autodesk CVE-2022-33885 7.8 Sept. 29, 2022 Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1303 ZDI-CAN-15310 Docker CVE-2022-23774 6.1 Sept. 29, 2022 Docker Desktop Link Following Denial-of-Service Vulnerability ZDI-22-1302 ZDI-CAN-17482 Rockwell Automation CVE-2022-38742 8.1 Sept. 28, 2022 Rockwell Automation ThinManager ThinServer URI Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1301 ZDI-CAN-16729 Measuresoft CVE-2022-3263 7.8 Sept. 26, 2022 Measuresoft ScadaPro Server Improper Access Control Local Privilege Escalation Vulnerability ZDI-22-1300 ZDI-CAN-16859 Windscribe CVE-2022-41141 7.8 Sept. 26, 2022 Windscribe Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-22-1299 ZDI-CAN-16651 Trend Micro CVE-2022-40709 4.4 Sept. 23, 2022 Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1298 ZDI-CAN-16595 Trend Micro CVE-2022-40708 4.4 Sept. 23, 2022 Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1297 ZDI-CAN-16594 Trend Micro CVE-2022-40707 4.4 Sept. 23, 2022 Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1296 ZDI-CAN-15467 Trend Micro CVE-2022-40710 7.8 Sept. 23, 2022 Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability ZDI-22-1295 ZDI-CAN-16749 Apple 2.5 Sept. 21, 2022 Apple macOS TIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1294 ZDI-CAN-16723 FreeBSD CVE-2022-23086 8.2 Sept. 20, 2022 FreeBSD Kernel MPT Heap-based Buffer Overflow Privilege Escalation Vulnerability ZDI-22-1293 ZDI-CAN-16722 FreeBSD CVE-2022-23086 8.2 Sept. 20, 2022 FreeBSD Kernel MPT Heap-based Buffer Overflow Privilege Escalation Vulnerability ZDI-22-1292 ZDI-CAN-16687 FreeBSD CVE-2022-23085 8.2 Sept. 20, 2022 FreeBSD Kernel Netmap Integer Overflow Privilege Escalation Vulnerability ZDI-22-1291 ZDI-CAN-16683 FreeBSD CVE-2022-23084 8.2 Sept. 20, 2022 FreeBSD Kernel Netmap Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability ZDI-22-1290 ZDI-CAN-13796 D-Link CVE-2022-41140 8.8 Sept. 20, 2022 D-Link Multiple Routers lighttpd Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1289 ZDI-CAN-16520 Apple 3.3 Sept. 19, 2022 Apple macOS vImage ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1288 ZDI-CAN-17652 Microsoft CVE-2022-35823 8.8 Sept. 19, 2022 Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1287 ZDI-CAN-17708 Microsoft CVE-2022-37963 7.8 Sept. 19, 2022 Microsoft Office Visio EMF File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-1286 ZDI-CAN-16894 Microsoft CVE-2022-37962 7.8 Sept. 19, 2022 Microsoft PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1285 ZDI-CAN-17112 Microsoft CVE-2022-37955 7.0 Sept. 19, 2022 Microsoft Windows Group Policy Preference Link Following Local Privilege Escalation Vulnerability ZDI-22-1284 ZDI-CAN-16686 Microsoft CVE-2022-37954 8.8 Sept. 19, 2022 Microsoft Windows DirectX Graphics Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-1283 ZDI-CAN-17762 Adobe CVE-2022-38425 3.3 Sept. 19, 2022 Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-1282 ZDI-CAN-17712 Adobe CVE-2022-35713 7.8 Sept. 19, 2022 Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1281 ZDI-CAN-17714 Adobe CVE-2022-38426 7.8 Sept. 19, 2022 Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-1280 ZDI-CAN-17713 Adobe CVE-2022-38427 7.8 Sept. 19, 2022 Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-1279 ZDI-CAN-17590 Adobe CVE-2022-35708 7.8 Sept. 19, 2022 Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1278 ZDI-CAN-17618 Adobe CVE-2022-38412 7.8 Sept. 19, 2022 Adobe Animate SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1277 ZDI-CAN-17619 Adobe CVE-2022-38411 7.8 Sept. 19, 2022 Adobe Animate SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1276 ZDI-CAN-17612 Adobe CVE-2022-38403 7.8 Sept. 19, 2022 Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1275 ZDI-CAN-17611 Adobe CVE-2022-38402 7.8 Sept. 19, 2022 Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1274 ZDI-CAN-17610 Adobe CVE-2022-38404 7.8 Sept. 19, 2022 Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1273 ZDI-CAN-17609 Adobe CVE-2022-38405 7.8 Sept. 19, 2022 Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1272 ZDI-CAN-17608 Adobe CVE-2022-38401 7.8 Sept. 19, 2022 Adobe InCopy PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1271 ZDI-CAN-17607 Adobe CVE-2022-38407 3.3 Sept. 19, 2022 Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1270 ZDI-CAN-17603 Adobe CVE-2022-38406 3.3 Sept. 19, 2022 Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1269 ZDI-CAN-17602 Adobe CVE-2022-38433 7.8 Sept. 19, 2022 Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1268 ZDI-CAN-17601 Adobe CVE-2022-38432 7.8 Sept. 19, 2022 Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1267 ZDI-CAN-17600 Adobe CVE-2022-38431 7.8 Sept. 19, 2022 Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1266 ZDI-CAN-17599 Adobe CVE-2022-38429 7.8 Sept. 19, 2022 Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1265 ZDI-CAN-17598 Adobe CVE-2022-38434 7.8 Sept. 19, 2022 Adobe Photoshop SVG File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1264 ZDI-CAN-17597 Adobe CVE-2022-38428 3.3 Sept. 19, 2022 Adobe Photoshop DCM File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-1263 ZDI-CAN-17596 Adobe CVE-2022-38430 7.8 Sept. 19, 2022 Adobe Photoshop MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1262 ZDI-CAN-17595 Adobe CVE-2022-38410 3.3 Sept. 19, 2022 Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1261 ZDI-CAN-17594 Adobe CVE-2022-38409 3.3 Sept. 19, 2022 Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1260 ZDI-CAN-17593 Adobe CVE-2022-38408 7.8 Sept. 19, 2022 Adobe Illustrator PCX File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-1259 ZDI-CAN-17592 Adobe CVE-2022-35707 7.8 Sept. 19, 2022 Adobe Bridge SGI File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1258 ZDI-CAN-17591 Adobe CVE-2022-35706 7.8 Sept. 19, 2022 Adobe Bridge SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1257 ZDI-CAN-17380 Adobe CVE-2022-35705 7.8 Sept. 19, 2022 Adobe Bridge MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1256 ZDI-CAN-17379 Adobe CVE-2022-35709 3.3 Sept. 19, 2022 Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-1255 ZDI-CAN-17378 Adobe CVE-2022-35704 7.8 Sept. 19, 2022 Adobe Bridge SVG File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1254 ZDI-CAN-17128 Adobe CVE-2022-35702 7.8 Sept. 19, 2022 Adobe Bridge SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1253 ZDI-CAN-17127 Adobe CVE-2022-35703 7.8 Sept. 19, 2022 Adobe Bridge SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1252 ZDI-CAN-17126 Adobe CVE-2022-35700 7.8 Sept. 19, 2022 Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1251 ZDI-CAN-17125 Adobe CVE-2022-35701 7.8 Sept. 19, 2022 Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1250 ZDI-CAN-17062 Adobe CVE-2022-35699 7.8 Sept. 19, 2022 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1249 ZDI-CAN-18196 Siemens CVE-2022-39156 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1248 ZDI-CAN-18192 Siemens CVE-2022-39155 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1247 ZDI-CAN-18188 Siemens CVE-2022-39154 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1246 ZDI-CAN-18187 Siemens CVE-2022-39153 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1245 ZDI-CAN-17740 Siemens CVE-2022-39152 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1244 ZDI-CAN-17736 Siemens CVE-2022-39151 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1243 ZDI-CAN-17735 Siemens CVE-2022-39150 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1242 ZDI-CAN-17733 Siemens CVE-2022-39149 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1241 ZDI-CAN-17513 Siemens CVE-2022-39148 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1240 ZDI-CAN-17506 Siemens CVE-2022-39147 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1239 ZDI-CAN-17502 Siemens CVE-2022-39146 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1238 ZDI-CAN-17496 Siemens CVE-2022-39145 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1237 ZDI-CAN-17494 Siemens CVE-2022-39144 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1236 ZDI-CAN-17493 Siemens CVE-2022-39143 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1235 ZDI-CAN-17485 Siemens CVE-2022-39142 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1234 ZDI-CAN-17296 Siemens CVE-2022-39141 3.3 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1233 ZDI-CAN-17292 Siemens CVE-2022-39140 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1232 ZDI-CAN-17289 Siemens CVE-2022-39139 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1231 ZDI-CAN-17284 Siemens CVE-2022-39138 7.8 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1230 ZDI-CAN-17276 Siemens CVE-2022-39137 3.3 Sept. 16, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1229 ZDI-CAN-17617 Adobe CVE-2022-38415 7.8 Sept. 14, 2022 Adobe InDesign PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1228 ZDI-CAN-17616 Adobe CVE-2022-38414 7.8 Sept. 14, 2022 Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1227 ZDI-CAN-17615 Adobe CVE-2022-38413 7.8 Sept. 14, 2022 Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1226 ZDI-CAN-17614 Adobe CVE-2022-38417 7.8 Sept. 14, 2022 Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1225 ZDI-CAN-17613 Adobe CVE-2022-38416 7.8 Sept. 14, 2022 Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1224 ZDI-CAN-15935 D-Link CVE-2022-40720 8.8 Sept. 14, 2022 D-Link DIR-2150 xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability ZDI-22-1223 ZDI-CAN-15906 D-Link CVE-2022-40719 8.8 Sept. 14, 2022 D-Link DIR-2150 xupnpd_generic Plugin Command Injection Remote Code Execution Vulnerability ZDI-22-1222 ZDI-CAN-15905 D-Link CVE-2022-3210 8.8 Sept. 14, 2022 D-Link DIR-2150 xupnpd ui_upload Command Injection Remote Code Execution Vulnerability ZDI-22-1221 ZDI-CAN-15728 D-Link CVE-2022-40718 8.8 Sept. 14, 2022 D-Link DIR-2150 anweb websocket_data_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1220 ZDI-CAN-15727 D-Link CVE-2022-40717 8.8 Sept. 14, 2022 D-Link DIR-2150 anweb action_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1219 ZDI-CAN-15697 NIKON CVE-2022-40663 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1218 ZDI-CAN-15351 NIKON CVE-2022-40662 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1217 ZDI-CAN-15134 NIKON CVE-2022-40661 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1216 ZDI-CAN-15135 NIKON CVE-2022-40660 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1215 ZDI-CAN-15214 NIKON CVE-2022-40659 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1214 ZDI-CAN-15166 NIKON CVE-2022-40658 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1213 ZDI-CAN-15073 NIKON CVE-2022-40657 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1212 ZDI-CAN-15072 NIKON CVE-2022-40656 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer ND2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1211 ZDI-CAN-15071 NIKON CVE-2022-40655 7.8 Sept. 14, 2022 (0Day) NIKON NIS-Elements Viewer ND2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1210 ZDI-CAN-18351 Ansys CVE-2022-40654 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1209 ZDI-CAN-18349 Ansys CVE-2022-40653 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1208 ZDI-CAN-17846 Ansys CVE-2022-40652 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1207 ZDI-CAN-17844 Ansys CVE-2022-40651 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1206 ZDI-CAN-17838 Ansys CVE-2022-40650 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1205 ZDI-CAN-17565 Ansys CVE-2022-40649 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1204 ZDI-CAN-17563 Ansys CVE-2022-40648 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1203 ZDI-CAN-17558 Ansys CVE-2022-40647 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1202 ZDI-CAN-17541 Ansys CVE-2022-40646 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1201 ZDI-CAN-17540 Ansys CVE-2022-40645 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1200 ZDI-CAN-17408 Ansys CVE-2022-40644 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1199 ZDI-CAN-17407 Ansys CVE-2022-40643 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1198 ZDI-CAN-17318 Ansys CVE-2022-40642 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-1197 ZDI-CAN-17317 Ansys CVE-2022-40641 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1196 ZDI-CAN-17308 Ansys CVE-2022-40640 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1195 ZDI-CAN-17207 Ansys CVE-2022-40639 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1194 ZDI-CAN-17102 Ansys CVE-2022-40638 7.8 Sept. 14, 2022 (0Day) Ansys SpaceClaim X_B File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1193 ZDI-CAN-17045 Ansys CVE-2022-40637 7.0 Sept. 14, 2022 (0Day) Ansys SpaceClaim JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1192 ZDI-CAN-17044 Ansys CVE-2022-40636 7.0 Sept. 14, 2022 (0Day) Ansys SpaceClaim JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1191 ZDI-CAN-16435 Trend Micro CVE-2022-40143 7.3 Sept. 14, 2022 Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability ZDI-22-1190 ZDI-CAN-16691 Trend Micro CVE-2022-40142 7.8 Sept. 14, 2022 Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability ZDI-22-1189 ZDI-CAN-16314 Trend Micro CVE-2022-40140 5.5 Sept. 14, 2022 Trend Micro Apex One Origin Validation Error Denial-of-Service Vulnerability ZDI-22-1188 ZDI-CAN-17463 Tesla CVE-2022-3093 7.6 Sept. 8, 2022 (Pwn2Own) Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability ZDI-22-1187 ZDI-CAN-17448 ConnMan CVE-2022-32292 6.3 Sept. 8, 2022 (Pwn2Own) ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1186 ZDI-CAN-17447 ConnMan CVE-2022-32293 6.3 Sept. 8, 2022 (Pwn2Own) ConnMan wispr_portal_web_result wp_object Double Free Remote Code Execution Vulnerability ZDI-22-1185 ZDI-CAN-16214 Microsoft CVE-2022-34691 8.4 Sept. 6, 2022 Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability ZDI-22-1184 ZDI-CAN-17695 ManageEngine CVE-2022-37024 7.2 Sept. 5, 2022 ManageEngine OpManager Plus getDNSResolveOption Command Injection Remote Code Execution Vulnerability ZDI-22-1183 ZDI-CAN-17697 ManageEngine CVE-2022-37024 7.2 Sept. 1, 2022 ManageEngine NetFlow Analyzer getDNSResolveOption Command Injection Remote Code Execution Vulnerability ZDI-22-1182 ZDI-CAN-18090 ManageEngine CVE-2022-38772 7.2 Sept. 1, 2022 ManageEngine OpManager getNmapInitialOption Command Injection Remote Code Execution Vulnerability ZDI-22-1181 ZDI-CAN-18091 ManageEngine CVE-2022-38772 7.2 Sept. 1, 2022 ManageEngine OpManager Plus getNmapInitialOption Command Injection Remote Code Execution Vulnerability ZDI-22-1180 ZDI-CAN-18092 ManageEngine CVE-2022-38772 7.2 Sept. 1, 2022 ManageEngine NetFlow Analyzer getNmapInitialOption Command Injection Remote Code Execution Vulnerability ZDI-22-1179 ZDI-CAN-17696 ManageEngine CVE-2022-37024 7.2 Sept. 1, 2022 ManageEngine OpManager getDNSResolveOption Command Injection Remote Code Execution Vulnerability ZDI-22-1178 ZDI-CAN-16829 Trend Micro CVE-2022-38764 7.3 Aug. 31, 2022 Trend Micro HouseCall Incorrect Permission Assignment Privilege Escalation Vulnerability ZDI-22-1177 ZDI-CAN-16606 Trend Micro CVE-2022-37348 4.4 Aug. 31, 2022 Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1176 ZDI-CAN-16605 Trend Micro CVE-2022-37347 4.4 Aug. 31, 2022 Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1175 ZDI-CAN-14557 Trend Micro CVE-2022-34893 7.8 Aug. 31, 2022 Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability ZDI-22-1174 ZDI-CAN-16362 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1173 ZDI-CAN-16361 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1172 ZDI-CAN-16360 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1171 ZDI-CAN-16358 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1170 ZDI-CAN-16304 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1169 ZDI-CAN-16296 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1168 ZDI-CAN-16271 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1167 ZDI-CAN-16270 Fatek Automation CVE-2022-2866 7.8 Aug. 25, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1166 ZDI-CAN-16889 Delta Electronics CVE-2022-2660 9.8 Aug. 24, 2022 Delta Industrial Automation DIALink Hardcoded Cryptographic Key Authentication Bypass Vulnerability ZDI-22-1165 ZDI-CAN-17291 Linux CVE-2022-2959 7.8 Aug. 24, 2022 Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability ZDI-22-1164 ZDI-CAN-16212 Tencent 4.3 Aug. 23, 2022 (0Day) Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1163 ZDI-CAN-17361 ICONICS CVE-2022-33320 7.8 Aug. 23, 2022 ICONICS GENESIS64 PKGX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1162 ZDI-CAN-17360 ICONICS CVE-2022-33317 7.0 Aug. 23, 2022 ICONICS GENESIS64 GDFX File Parsing Path Traversal Remote Code Execution Vulnerability ZDI-22-1161 ZDI-CAN-17056 Softing CVE-2022-2336 9.8 Aug. 23, 2022 (Pwn2Own) Softing Secure Integration Server Use of Default Credentials Authentication Bypass Vulnerability ZDI-22-1160 ZDI-CAN-17058 Softing CVE-2022-2335 7.5 Aug. 23, 2022 Softing Secure Integration Server Content-Length Integer Underflow Denial-of-Service Vulnerability ZDI-22-1159 ZDI-CAN-17060 Softing CVE-2022-1069 7.5 Aug. 23, 2022 Softing Secure Integration Server Content-Length Out-Of-Bounds Read Denial-of-Service Vulnerability ZDI-22-1158 ZDI-CAN-17059 Softing CVE-2022-2547 7.5 Aug. 23, 2022 Softing Secure Integration Server Content-Type NULL Pointer Dereference Denial-of-Service Vulnerability ZDI-22-1157 ZDI-CAN-17057 Softing CVE-2022-2337 7.5 Aug. 23, 2022 Softing Secure Integration Server URI NULL Pointer Dereference Denial-of-Service Vulnerability ZDI-22-1156 ZDI-CAN-17255 Softing CVE-2022-1373 7.2 Aug. 23, 2022 (Pwn2Own) Softing Secure Integration Server UnZipFolder Directory Traversal Remote Code Execution Vulnerability ZDI-22-1155 ZDI-CAN-17214 Softing CVE-2022-2338 5.7 Aug. 23, 2022 (Pwn2Own) Softing Secure Integration Server Cleartext Transmission of Sensitive Information Authentication Bypass Vulnerability ZDI-22-1154 ZDI-CAN-17234 Softing CVE-2022-2334 7.2 Aug. 23, 2022 (Pwn2Own) Softing Secure Integration Server wbemcomn Uncontrolled Search Path Element Privilege Escalation Vulnerability ZDI-22-1153 ZDI-CAN-16442 Softing CVE-2022-1748 7.5 Aug. 23, 2022 (Pwn2Own) Softing Secure Integration Server OPC UA Messages NULL Pointer Dereference Denial-of-Service Vulnerability ZDI-22-1152 ZDI-CAN-17468 Oracle 7.5 Aug. 23, 2022 (0Day) (Pwn2Own) Oracle VirtualBox IEM PGMPhysRead Out-Of-Bounds Write Local Privilege Escalation Vulnerability ZDI-22-1151 ZDI-CAN-17431 Oracle 4.4 Aug. 23, 2022 (0Day) (Pwn2Own) Oracle VirtualBox SLIRP sosendoob Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1150 ZDI-CAN-15341 Omron 7.8 Aug. 23, 2022 Omron CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1149 ZDI-CAN-16433 Measuresoft CVE-2022-2897 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability ZDI-22-1148 ZDI-CAN-16426 Measuresoft CVE-2022-2897 7.8 Aug. 23, 2022 Measuresoft ScadaPro Client Link Following Local Privilege Escalation Vulnerability ZDI-22-1147 ZDI-CAN-16422 Measuresoft CVE-2022-2897 7.8 Aug. 23, 2022 Measuresoft ScadaPro Client Link Following Local Privilege Escalation Vulnerability ZDI-22-1146 ZDI-CAN-16417 Measuresoft CVE-2022-2897 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability ZDI-22-1145 ZDI-CAN-16403 Measuresoft CVE-2022-2897 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability ZDI-22-1144 ZDI-CAN-16402 Measuresoft CVE-2022-2897 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server Link Following Local Privilege Escalation Vulnerability ZDI-22-1143 ZDI-CAN-16263 Measuresoft CVE-2022-2896 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1142 ZDI-CAN-16262 Measuresoft CVE-2022-2895 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1141 ZDI-CAN-16244 Measuresoft CVE-2022-2895 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1140 ZDI-CAN-16261 Measuresoft CVE-2022-2894 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1139 ZDI-CAN-16243 Measuresoft CVE-2022-2894 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1138 ZDI-CAN-16236 Measuresoft CVE-2022-2894 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1137 ZDI-CAN-16234 Measuresoft CVE-2022-2894 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1136 ZDI-CAN-16233 Measuresoft CVE-2022-2894 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1135 ZDI-CAN-16232 Measuresoft CVE-2022-2894 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1134 ZDI-CAN-16231 Measuresoft CVE-2022-2894 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-1133 ZDI-CAN-16235 Measuresoft CVE-2022-2892 7.8 Aug. 23, 2022 Measuresoft ScadaPro Server ORM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1132 ZDI-CAN-16423 Measuresoft CVE-2022-2898 6.1 Aug. 23, 2022 Measuresoft ScadaPro Client Link Following Denial-of-Service Vulnerability ZDI-22-1131 ZDI-CAN-16434 Measuresoft CVE-2022-2898 6.1 Aug. 23, 2022 Measuresoft ScadaPro Server Link Following Denial-of-Service Vulnerability ZDI-22-1130 ZDI-CAN-17034 Apple CVE-2022-32797 3.3 Aug. 23, 2022 Apple macOS AppleScript TASUnparser_PrintObject Untrusted Pointer Dereference Information Disclosure Vulnerability ZDI-22-1129 ZDI-CAN-17370 AVEVA CVE-2022-36970 7.8 Aug. 23, 2022 AVEVA Edge APP File Insufficient UI Warning Remote Code Execution Vulnerability ZDI-22-1128 ZDI-CAN-17394 AVEVA CVE-2022-36969 5.5 Aug. 23, 2022 AVEVA Edge LoadImportedLibraries XML External Entity Processing Information Disclosure Vulnerability ZDI-22-1127 ZDI-CAN-17201 AVEVA CVE-2022-28688 7.8 Aug. 23, 2022 (Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability ZDI-22-1126 ZDI-CAN-16257 AVEVA CVE-2022-28687 7.8 Aug. 23, 2022 (Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability ZDI-22-1125 ZDI-CAN-17114 AVEVA CVE-2022-28686 7.8 Aug. 23, 2022 (Pwn2Own) AVEVA Edge Uncontrolled Search Path Element Remote Code Execution Vulnerability ZDI-22-1124 ZDI-CAN-17212 AVEVA CVE-2022-28685 7.8 Aug. 23, 2022 (Pwn2Own) AVEVA Edge SetBytesToManagedControl Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1123 ZDI-CAN-17417 Apple CVE-2022-32792 8.8 Aug. 18, 2022 (Pwn2Own) Apple Safari Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1122 ZDI-CAN-18088 ManageEngine CVE-2022-36923 9.4 Aug. 18, 2022 ManageEngine OpManager Plus getUserAPIKey Authentication Bypass Vulnerability ZDI-22-1121 ZDI-CAN-18089 ManageEngine CVE-2022-36923 9.4 Aug. 18, 2022 ManageEngine NetFlow Analyzer getUserAPIKey Authentication Bypass Vulnerability ZDI-22-1120 ZDI-CAN-18087 ManageEngine CVE-2022-36923 9.4 Aug. 18, 2022 ManageEngine OpManager getUserAPIKey Authentication Bypass Vulnerability ZDI-22-1119 ZDI-CAN-17698 ManageEngine CVE-2022-36923 9.8 Aug. 18, 2022 ManageEngine Network Configuration Manager getUserAPIKey Authentication Bypass Vulnerability ZDI-22-1118 ZDI-CAN-17470 Linux CVE-2022-2586 8.8 Aug. 18, 2022 (Pwn2Own) Linux Kernel nft_object Use-After-Free Privilege Escalation Vulnerability ZDI-22-1117 ZDI-CAN-17440 Linux CVE-2022-2588 8.8 Aug. 18, 2022 (Pwn2Own) Linux Kernel route4_change Double Free Privilege Escalation Vulnerability ZDI-22-1116 ZDI-CAN-16989 Adobe CVE-2022-35678 3.3 Aug. 18, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1115 ZDI-CAN-16999 Adobe CVE-2022-35671 3.3 Aug. 18, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1114 ZDI-CAN-17622 Adobe CVE-2022-35675 7.8 Aug. 18, 2022 Adobe FrameMaker SVG File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1113 ZDI-CAN-17623 Adobe CVE-2022-35674 7.8 Aug. 18, 2022 Adobe FrameMaker SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1112 ZDI-CAN-17377 Adobe CVE-2022-35667 7.8 Aug. 18, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1111 ZDI-CAN-17624 Adobe CVE-2022-35673 7.8 Aug. 18, 2022 Adobe FrameMaker SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1110 ZDI-CAN-17625 Adobe CVE-2022-35676 7.8 Aug. 18, 2022 Adobe FrameMaker SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1109 ZDI-CAN-17626 Adobe CVE-2022-35677 7.8 Aug. 18, 2022 Adobe FrameMaker SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1108 ZDI-CAN-17080 Adobe CVE-2022-34263 7.8 Aug. 18, 2022 Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1107 ZDI-CAN-17074 Adobe CVE-2022-34262 3.3 Aug. 18, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1106 ZDI-CAN-17073 Adobe CVE-2022-34264 3.3 Aug. 18, 2022 Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1105 ZDI-CAN-17071 Adobe CVE-2022-34261 3.3 Aug. 18, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1104 ZDI-CAN-17066 Adobe CVE-2022-34260 7.8 Aug. 18, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1103 ZDI-CAN-18069 PDF-XChange CVE-2022-37375 3.3 Aug. 18, 2022 PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1102 ZDI-CAN-18068 PDF-XChange CVE-2022-37374 7.8 Aug. 18, 2022 PDF-XChange Editor PNG File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1101 ZDI-CAN-17810 PDF-XChange CVE-2022-37373 3.3 Aug. 18, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1100 ZDI-CAN-17809 PDF-XChange CVE-2022-37372 7.8 Aug. 18, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1099 ZDI-CAN-17772 PDF-XChange CVE-2022-37371 7.8 Aug. 18, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1098 ZDI-CAN-17725 PDF-XChange CVE-2022-37370 3.3 Aug. 18, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1097 ZDI-CAN-17724 PDF-XChange CVE-2022-37369 7.8 Aug. 18, 2022 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1096 ZDI-CAN-17728 PDF-XChange CVE-2022-37368 3.3 Aug. 18, 2022 PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1095 ZDI-CAN-17726 PDF-XChange CVE-2022-37367 7.8 Aug. 18, 2022 PDF-XChange Editor AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1094 ZDI-CAN-17727 PDF-XChange CVE-2022-37366 7.8 Aug. 18, 2022 PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1093 ZDI-CAN-17527 PDF-XChange CVE-2022-37365 7.8 Aug. 18, 2022 PDF-XChange Editor saveAs Exposed Dangerous Method Remote Code Execution Vulnerability ZDI-22-1092 ZDI-CAN-17634 PDF-XChange CVE-2022-37364 7.8 Aug. 18, 2022 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1091 ZDI-CAN-17673 PDF-XChange CVE-2022-37363 7.8 Aug. 18, 2022 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1090 ZDI-CAN-17660 PDF-XChange CVE-2022-37362 7.8 Aug. 18, 2022 PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1089 ZDI-CAN-17674 PDF-XChange CVE-2022-37361 3.3 Aug. 18, 2022 PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1088 ZDI-CAN-17635 PDF-XChange CVE-2022-37360 3.3 Aug. 18, 2022 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1087 ZDI-CAN-17633 PDF-XChange CVE-2022-37359 7.8 Aug. 18, 2022 PDF-XChange Editor J2K File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1086 ZDI-CAN-17632 PDF-XChange CVE-2022-37358 7.8 Aug. 18, 2022 PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1085 ZDI-CAN-17631 PDF-XChange CVE-2022-37357 7.8 Aug. 18, 2022 PDF-XChange Editor ICO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1084 ZDI-CAN-17630 PDF-XChange CVE-2022-37356 7.8 Aug. 18, 2022 PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1083 ZDI-CAN-17629 PDF-XChange CVE-2022-37355 7.8 Aug. 18, 2022 PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1082 ZDI-CAN-17628 PDF-XChange CVE-2022-37354 7.8 Aug. 18, 2022 PDF-XChange Editor J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1081 ZDI-CAN-17637 PDF-XChange CVE-2022-37353 3.3 Aug. 18, 2022 PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1080 ZDI-CAN-17638 PDF-XChange CVE-2022-37352 3.3 Aug. 18, 2022 PDF-XChange Editor WMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1079 ZDI-CAN-17636 PDF-XChange CVE-2022-37351 3.3 Aug. 18, 2022 PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1078 ZDI-CAN-17144 PDF-XChange CVE-2022-37350 7.8 Aug. 18, 2022 PDF-XChange Editor Collab Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1077 ZDI-CAN-17444 Microsoft CVE-2022-34699 8.8 Aug. 18, 2022 (Pwn2Own) Microsoft Windows win32kbase Use-After-Free Privilege Escalation Vulnerability ZDI-22-1076 ZDI-CAN-17142 PDF-XChange CVE-2022-37349 7.8 Aug. 18, 2022 PDF-XChange Editor submitForm Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1075 ZDI-CAN-17679 Microsoft CVE-2022-35750 8.8 Aug. 18, 2022 Microsoft Windows win32kfull Bitmap Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-1074 ZDI-CAN-17384 Microsoft CVE-2022-35742 7.5 Aug. 18, 2022 Microsoft Outlook MIME Header Heap Corruption Denial-of-Service Vulnerability ZDI-22-1073 ZDI-CAN-13069 Microsoft CVE-2022-30194 7.8 Aug. 18, 2022 Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability ZDI-22-1072 ZDI-CAN-17396 Microsoft CVE-2022-34703 8.8 Aug. 18, 2022 (Pwn2Own) Microsoft Windows partmgr Integer Overflow Privilege Escalation Vulnerability ZDI-22-1071 ZDI-CAN-17426 Microsoft CVE-2022-33670 8.8 Aug. 18, 2022 (Pwn2Own) Microsoft Windows partmgr Improper Authorization Privilege Escalation Vulnerability ZDI-22-1070 ZDI-CAN-17429 Microsoft CVE-2022-35751 8.8 Aug. 18, 2022 (Pwn2Own) Microsoft Windows vhdmp Driver Improper Authorization Privilege Escalation Vulnerability ZDI-22-1069 ZDI-CAN-17441 Microsoft CVE-2022-35750 8.8 Aug. 18, 2022 (Pwn2Own) Microsoft Windows cdd Driver Memory Corruption Privilege Escalation Vulnerability ZDI-22-1068 ZDI-CAN-17430 Microsoft CVE-2022-35820 8.8 Aug. 18, 2022 (Pwn2Own) Microsoft Windows bthport Driver Improper Authorization Local Privilege Escalation Vulnerability ZDI-22-1067 ZDI-CAN-14808 NetBSD 5.5 Aug. 15, 2022 NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability ZDI-22-1066 ZDI-CAN-15588 Apple CVE-2022-26696 7.8 Aug. 15, 2022 Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability ZDI-22-1065 ZDI-CAN-15191 Apple CVE-2022-22630 8.1 Aug. 15, 2022 Apple macOS Remote Events Memory Corruption Remote Code Execution Vulnerability ZDI-22-1064 ZDI-CAN-17371 OPC Foundation CVE-2022-33916 5.3 Aug. 5, 2022 OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability ZDI-22-1063 ZDI-CAN-17661 Foxit CVE-2022-37391 7.8 Aug. 5, 2022 Foxit PDF Reader AcroForm deletePages Use-After-Free Remote Code Execution Vulnerability ZDI-22-1062 ZDI-CAN-17551 Foxit CVE-2022-37390 7.8 Aug. 5, 2022 Foxit PDF Reader AcroForm deletePages Use-After-Free Remote Code Execution Vulnerability ZDI-22-1061 ZDI-CAN-17545 Foxit CVE-2022-37389 7.8 Aug. 5, 2022 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-1060 ZDI-CAN-17516 Foxit CVE-2022-37388 7.8 Aug. 5, 2022 Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1059 ZDI-CAN-17552 Foxit CVE-2022-37387 7.8 Aug. 5, 2022 Foxit PDF Reader AcroForm deletePages Use-After-Free Remote Code Execution Vulnerability ZDI-22-1058 ZDI-CAN-17550 Foxit CVE-2022-37386 3.3 Aug. 5, 2022 Foxit PDF Reader AcroForm resetForm Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1057 ZDI-CAN-17301 Foxit CVE-2022-37385 7.8 Aug. 5, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-1056 ZDI-CAN-17327 Foxit CVE-2022-37384 7.8 Aug. 5, 2022 Foxit PDF Reader delay Use-After-Free Remote Code Execution Vulnerability ZDI-22-1055 ZDI-CAN-17111 Foxit CVE-2022-37383 3.3 Aug. 5, 2022 Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1054 ZDI-CAN-17383 Foxit CVE-2022-37382 3.3 Aug. 5, 2022 Foxit PDF Reader removeIcon Use-After-Free Information Disclosure Vulnerability ZDI-22-1053 ZDI-CAN-17110 Foxit CVE-2022-37381 7.8 Aug. 5, 2022 Foxit PDF Reader AFSpecial_KeystrokeEx Memory Corruption Remote Code Execution Vulnerability ZDI-22-1052 ZDI-CAN-17169 Foxit CVE-2022-37380 3.3 Aug. 5, 2022 Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1051 ZDI-CAN-17168 Foxit CVE-2022-37379 3.3 Aug. 5, 2022 Foxit PDF Reader AFSpecial_KeystrokeEx Use-After-Free Information Disclosure Vulnerability ZDI-22-1050 ZDI-CAN-16867 Foxit CVE-2022-37378 7.8 Aug. 5, 2022 Foxit PDF Editor JavaScript Optimization Use-After-Free Remote Code Execution Vulnerability ZDI-22-1049 ZDI-CAN-16733 Foxit CVE-2022-37377 7.8 Aug. 5, 2022 Foxit PDF Editor JavaScript Optimization Type Confusion Remote Code Execution Vulnerability ZDI-22-1048 ZDI-CAN-16599 Foxit CVE-2022-37376 3.3 Aug. 5, 2022 Foxit PDF Editor JavaScript Array Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1047 ZDI-CAN-15984 Cisco CVE-2022-20827 8.8 Aug. 4, 2022 Cisco RV340 wfapp Command Injection Remote Code Execution Vulnerability ZDI-22-1046 ZDI-CAN-15361 Docker CVE-2022-23774 7.8 Aug. 4, 2022 Docker Desktop Exposed Dangerous Method Local Privilege Escalation Vulnerability ZDI-22-1045 ZDI-CAN-16766 Microsoft CVE-2022-24542 8.8 Aug. 4, 2022 Microsoft Windows win32kfull UMPDDrvStrokeAndFillPath Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-1044 ZDI-CAN-17389 ICONICS CVE-2022-33319 6.5 Aug. 3, 2022 ICONICS GENESIS64 GenBroker64 Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1043 ZDI-CAN-16253 ICONICS CVE-2022-33315 7.8 Aug. 3, 2022 ICONICS GENESIS64 GraphWorX64 TDFX File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1042 ZDI-CAN-16509 ICONICS CVE-2022-29834 7.5 Aug. 3, 2022 ICONICS GENESIS64 colorpalletes Directory Traversal Information Disclosure Vulnerability ZDI-22-1041 ZDI-CAN-17200 ICONICS CVE-2022-33318 9.8 Aug. 3, 2022 (Pwn2Own) ICONICS GENESIS64 genbroker64 Use-After-Free Remote Code Execution Vulnerability ZDI-22-1040 ZDI-CAN-17215 ICONICS CVE-2022-33316 7.8 Aug. 3, 2022 (Pwn2Own) ICONICS GENESIS64 ColorPaletteEntry Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1039 ZDI-CAN-17198 ICONICS CVE-2022-33317 7.8 Aug. 3, 2022 (Pwn2Own) ICONICS GENESIS64 TDFX File Parsing Exposed Dangerous Function Remote Code Execution Vulnerability ZDI-22-1038 ZDI-CAN-15981 Lexmark CVE-2022-24935 8.8 Aug. 2, 2022 Lexmark MC3224i Firmware Downgrade Remote Code Execution Vulnerability ZDI-22-1037 ZDI-CAN-14809 NetBSD 5.5 Aug. 2, 2022 NetBSD Kernel getkerninfo System Call Uninitialized Memory Information Disclosure Vulnerability ZDI-22-1036 ZDI-CAN-14807 NetBSD 5.5 Aug. 2, 2022 Aug. 3, 2022 NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability ZDI-22-1035 ZDI-CAN-16887 Autodesk CVE-2022-33882 7.8 July 29, 2022 Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability ZDI-22-1034 ZDI-CAN-16882 Autodesk CVE-2022-33882 7.8 July 29, 2022 Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability ZDI-22-1033 ZDI-CAN-16692 Trend Micro CVE-2022-36336 7.8 July 28, 2022 Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability ZDI-22-1032 ZDI-CAN-17481 EnterpriseDT CVE-2022-2560 8.2 July 28, 2022 EnterpriseDT CompleteFTP Server HttpFile Directory Traversal Arbitrary File Deletion Vulnerability ZDI-22-1031 ZDI-CAN-16596 OPC Labs CVE-2022-2561 7.8 July 28, 2022 OPC Labs QuickOPC Connectivity Explorer Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1030 ZDI-CAN-16927 Unified Automation CVE-2022-37012 7.5 July 28, 2022 July 28, 2022 (Pwn2Own) Unified Automation OPC UA C++ Improper Update of Reference Count Denial-of-Service Vulnerability ZDI-22-1029 ZDI-CAN-17203 Unified Automation CVE-2022-37013 7.5 July 28, 2022 July 28, 2022 (Pwn2Own) Unified Automation OPC UA C++ Infinite Loop Denial-of-Service Vulnerability ZDI-22-1028 ZDI-CAN-16967 Adobe CVE-2022-35672 7.8 July 28, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1027 ZDI-CAN-16961 Adobe CVE-2022-35669 3.3 July 28, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1026 ZDI-CAN-16769 Oracle CVE-2022-21550 9.8 July 27, 2022 Oracle MySQL Cluster Data Node Integer Underflow Remote Code Execution Vulnerability ZDI-22-1025 ZDI-CAN-15594 Siemens CVE-2022-27653 7.8 July 15, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1024 ZDI-CAN-16768 Microsoft CVE-2022-24542 8.8 July 15, 2022 Microsoft Windows win32kfull UMPDDrvStartBanding Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-1023 ZDI-CAN-16767 Microsoft CVE-2022-24542 8.8 July 15, 2022 Microsoft Windows win32kfull UMPDDrvFillPath Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-1022 ZDI-CAN-16760 Microsoft CVE-2022-24542 8.8 July 15, 2022 Microsoft Windows win32kfull UMPDDrvFontManagement Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-1021 ZDI-CAN-16259 VMware 8.1 July 28, 2022 July 28, 2022 VMware ESXi TCP/IP Memory Corruption Remote Code Execution Vulnerability ZDI-22-1020 ZDI-CAN-16949 Inductive Automation CVE-2022-35873 7.8 July 15, 2022 (Pwn2Own) Inductive Automation Ignition ZIP File Insufficient UI Warning Remote Code Execution Vulnerability ZDI-22-1019 ZDI-CAN-17115 Inductive Automation CVE-2022-35872 7.8 July 15, 2022 (Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1018 ZDI-CAN-17206 Inductive Automation CVE-2022-35871 8.1 July 15, 2022 (Pwn2Own) Inductive Automation Ignition Missing Authentication for Critical Function Remote Code Execution Vulnerability ZDI-22-1017 ZDI-CAN-17265 Inductive Automation CVE-2022-35870 8.8 July 15, 2022 (Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-1016 ZDI-CAN-17211 Inductive Automation CVE-2022-35869 7.5 July 15, 2022 (Pwn2Own) Inductive Automation Ignition Authentication Bypass Vulnerability ZDI-22-1015 ZDI-CAN-16321 ABB CVE-2022-31219 7.3 July 15, 2022 ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability ZDI-22-1014 ZDI-CAN-16281 ABB CVE-2022-31218 7.8 July 15, 2022 ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability ZDI-22-1013 ZDI-CAN-16277 ABB CVE-2022-31217 7.8 July 15, 2022 ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability ZDI-22-1012 ZDI-CAN-16276 ABB CVE-2022-31216 7.8 July 15, 2022 ABB Automation Builder Platform Link Following Local Privilege Escalation Vulnerability ZDI-22-1011 ZDI-CAN-15933 Autodesk CVE-2022-33881 7.8 July 14, 2022 Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1010 ZDI-CAN-15931 Autodesk CVE-2022-33881 7.8 July 14, 2022 Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-1009 ZDI-CAN-17078 Adobe CVE-2022-34249 7.8 July 14, 2022 Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1008 ZDI-CAN-17083 Adobe CVE-2022-34250 7.8 July 14, 2022 Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1007 ZDI-CAN-17075 Adobe CVE-2022-34252 3.3 July 14, 2022 Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1006 ZDI-CAN-17068 Adobe CVE-2022-34251 7.8 July 14, 2022 Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1005 ZDI-CAN-17082 Adobe CVE-2022-34246 7.8 July 14, 2022 Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1004 ZDI-CAN-17079 Adobe CVE-2022-34245 7.8 July 14, 2022 Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-1003 ZDI-CAN-17076 Adobe CVE-2022-34248 3.3 July 14, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-1002 ZDI-CAN-17067 Adobe CVE-2022-34247 7.8 July 14, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-1001 ZDI-CAN-16919 Adobe CVE-2022-34216 7.8 July 13, 2022 Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-1000 ZDI-CAN-17277 Adobe CVE-2022-34227 7.8 July 13, 2022 Adobe Acrobat Reader DC AcroForm value Use-After-Free Remote Code Execution Vulnerability ZDI-22-999 ZDI-CAN-17621 Adobe CVE-2022-34241 7.8 July 13, 2022 Adobe Character Animator SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-998 ZDI-CAN-16955 Adobe CVE-2022-34220 7.8 July 13, 2022 Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-997 ZDI-CAN-17620 Adobe CVE-2022-34242 7.8 July 13, 2022 Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-996 ZDI-CAN-17324 Adobe CVE-2022-34225 7.8 July 13, 2022 Adobe Acrobat Reader DC AcroForm exportValues Use-After-Free Remote Code Execution Vulnerability ZDI-22-995 ZDI-CAN-17319 Adobe CVE-2022-34223 7.8 July 13, 2022 Adobe Acrobat Reader DC AcroForm currentValueIndices Use-After-Free Remote Code Execution Vulnerability ZDI-22-994 ZDI-CAN-17018 Adobe CVE-2022-34226 7.8 July 13, 2022 Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-993 ZDI-CAN-17307 Adobe CVE-2022-34229 7.8 July 13, 2022 Adobe Acrobat Reader DC AcroForm rect Use-After-Free Remote Code Execution Vulnerability ZDI-22-992 ZDI-CAN-17303 Adobe CVE-2022-34224 7.8 July 13, 2022 Adobe Acrobat Reader DC AcroForm setItems Use-After-Free Remote Code Execution Vulnerability ZDI-22-991 ZDI-CAN-17385 Adobe CVE-2022-34228 7.8 July 13, 2022 Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-990 ZDI-CAN-16952 Adobe CVE-2022-34217 7.8 July 13, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-989 ZDI-CAN-17063 Adobe CVE-2022-34219 7.8 July 13, 2022 Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-988 ZDI-CAN-17026 Adobe CVE-2022-34222 7.8 July 13, 2022 Adobe Acrobat Reader DC query Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-987 ZDI-CAN-17001 Adobe CVE-2022-34243 7.8 July 13, 2022 Adobe Photoshop U3D File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-986 ZDI-CAN-17002 Adobe CVE-2022-34244 3.3 July 13, 2022 Adobe Photoshop U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability ZDI-22-985 ZDI-CAN-16998 Adobe CVE-2022-34233 3.3 July 13, 2022 Adobe Acrobat Reader DC Doc print Use-After-Free Information Disclosure Vulnerability ZDI-22-984 ZDI-CAN-17167 Adobe CVE-2022-34234 3.3 July 13, 2022 Adobe Acrobat Reader DC Doc printWithParams Use-After-Free Information Disclosure Vulnerability ZDI-22-983 ZDI-CAN-16826 Adobe CVE-2022-34215 7.8 July 13, 2022 Adobe Acrobat Reader DC Annotation Polygon Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-982 ZDI-CAN-16876 Adobe CVE-2022-34232 3.3 July 13, 2022 Adobe Acrobat Reader DC Annotation print Use-After-Free Information Disclosure Vulnerability ZDI-22-981 ZDI-CAN-16953 Adobe CVE-2022-34237 3.3 July 13, 2022 Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-980 ZDI-CAN-16965 Adobe CVE-2022-34239 3.3 July 13, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-979 ZDI-CAN-16966 Adobe CVE-2022-34236 3.3 July 13, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-978 ZDI-CAN-16801 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvStretchBltROP Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-977 ZDI-CAN-16800 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvAlphaBlend Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-976 ZDI-CAN-16799 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvCopyBits Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-975 ZDI-CAN-16798 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvStretchBlt Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-974 ZDI-CAN-16797 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvPlgBlt Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-973 ZDI-CAN-16796 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvTransparentBlt Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-972 ZDI-CAN-16795 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvBitBlt Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-971 ZDI-CAN-16765 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvStrokePath Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-970 ZDI-CAN-16764 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvGradientFill Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-969 ZDI-CAN-16762 Microsoft CVE-2022-22034 8.8 July 12, 2022 Microsoft Windows win32kfull UMPDDrvTextOut Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-968 ZDI-CAN-16709 BMC CVE-2022-35865 7.3 July 12, 2022 July 14, 2022 BMC Track-It! HTTP Module Improper Access Control Remote Code Execution Vulnerability ZDI-22-967 ZDI-CAN-16690 BMC CVE-2022-35864 5.3 July 12, 2022 July 14, 2022 BMC Track-It! GetPopupSubQueryDetails SQL Injection Information Disclosure Vulnerability ZDI-22-966 ZDI-CAN-17293 Siemens CVE-2022-34748 7.8 July 12, 2022 Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-965 ZDI-CAN-15420 Siemens CVE-2022-34465 7.8 July 12, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-964 ZDI-CAN-16062 X.Org CVE-2022-2319 7.8 July 12, 2022 X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability ZDI-22-963 ZDI-CAN-16070 X.Org CVE-2022-2320 7.8 July 12, 2022 X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Local Privilege Escalation Vulnerability ZDI-22-962 ZDI-CAN-16650 Trend Micro CVE-2022-35234 4.4 July 11, 2022 Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-961 ZDI-CAN-17325 Linux 8.2 July 11, 2022 Linux Kernel LightNVM Subsystem Heap-based Overflow Privilege Escalation Vulnerability ZDI-22-960 ZDI-CAN-17194 Linux CVE-2022-2991 8.2 July 11, 2022 Aug. 25, 2022 Linux Kernel LightNVM Subsystem Heap-based Overflow Privilege Escalation Vulnerability ZDI-22-959 ZDI-CAN-17139 Vinchin CVE-2022-35866 9.8 July 8, 2022 July 14, 2022 (0Day) Vinchin Backup and Recovery MySQL Server Use of Hard-coded Credentials Authentication Bypass Vulnerability ZDI-22-958 ZDI-CAN-16526 SAP CVE-2022-32238 7.8 July 7, 2022 SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-957 ZDI-CAN-16510 SAP CVE-2022-32236 7.8 July 7, 2022 SAP 3D Visual Enterprise Viewer BPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-956 ZDI-CAN-16305 SAP CVE-2022-32242 7.8 July 7, 2022 SAP 3D Visual Enterprise Viewer HDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-955 ZDI-CAN-17331 Sante CVE-2022-2272 9.8 July 7, 2022 July 7, 2022 Sante PACS Server SQL Injection Authentication Bypass Vulnerability ZDI-22-954 ZDI-CAN-16336 Centreon CVE-2022-34872 6.5 July 7, 2022 Aug. 3, 2022 Centreon Virtual Metrics SQL Injection Information Disclosure Vulnerability ZDI-22-953 ZDI-CAN-16335 Centreon CVE-2022-34871 7.2 July 7, 2022 Aug. 3, 2022 Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability ZDI-22-952 ZDI-CAN-16777 Foxit CVE-2022-34873 3.3 July 7, 2022 Foxit PDF Reader Annotation modDate Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-951 ZDI-CAN-17474 Foxit CVE-2022-34874 3.3 July 7, 2022 Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-950 ZDI-CAN-16981 Foxit CVE-2022-34875 3.3 July 7, 2022 Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-949 ZDI-CAN-15056 xhyve CVE-2022-35867 7.5 July 6, 2022 July 14, 2022 (0Day) xhyve e1000 Stack-based Buffer Overflow Local Privilege Escalation Vulnerability ZDI-22-948 ZDI-CAN-16137 Parallels CVE-2022-34901 7.8 July 1, 2022 Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-22-947 ZDI-CAN-16134 Parallels CVE-2022-34899 7.0 July 1, 2022 Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability ZDI-22-946 ZDI-CAN-15787 Parallels CVE-2022-34902 7.8 July 1, 2022 Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-22-945 ZDI-CAN-15213 Parallels CVE-2022-34900 7.8 July 1, 2022 Parallels Access Agent Uncontrolled Search Path Element Privilege Escalation Vulnerability ZDI-22-944 ZDI-CAN-15934 Autodesk CVE-2022-27868 7.8 June 30, 2022 Autodesk AutoCAD CATPart File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-943 ZDI-CAN-16396 Parallels CVE-2022-34892 7.8 June 30, 2022 Parallels Desktop Updater Race Condition Local Privilege Escalation Vulnerability ZDI-22-942 ZDI-CAN-16395 Parallels CVE-2022-34891 7.8 June 30, 2022 Parallels Desktop Updater Incorrect Permission Assignment Local Privilege Escalation Vulnerability ZDI-22-941 ZDI-CAN-16653 Parallels CVE-2022-34890 7.3 June 30, 2022 Parallels Desktop Tools Untrusted Pointer Dereference Information Disclosure Vulnerability ZDI-22-940 ZDI-CAN-16554 Parallels CVE-2022-34889 8.2 June 30, 2022 Parallels Desktop ACPI Out-Of-Bounds Read Local Privilege Escalation Vulnerability ZDI-22-939 ZDI-CAN-16210 Tencent 4.3 June 30, 2022 Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-938 ZDI-CAN-16211 Tencent 8.8 June 30, 2022 Tencent WeChat WXAM Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-937 ZDI-CAN-16773 Advantech CVE-2022-2136 8.8 June 30, 2022 July 14, 2022 Advantech iView set_useraccount UserName SQL Injection Remote Code Execution Vulnerability ZDI-22-936 ZDI-CAN-16685 Advantech CVE-2022-2143 9.8 June 30, 2022 Advantech iView runProViewUpgrade fwfilename Command Injection Remote Code Execution Vulnerability ZDI-22-935 ZDI-CAN-16528 Advantech CVE-2022-2143 9.8 June 30, 2022 Advantech iView NetworkServlet backupDatabase backup_filename Command Injection Remote Code Execution Vulnerability ZDI-22-934 ZDI-CAN-16607 Advantech CVE-2022-2142 8.1 June 30, 2022 Advantech iView getModulePageContent SQL Injection Remote Code Execution Vulnerability ZDI-22-933 ZDI-CAN-16783 Advantech CVE-2022-2139 6.5 June 30, 2022 Advantech iView MenuServlet getUserPrefMenuFragment page Directory Traversal Information Disclosure Vulnerability ZDI-22-932 ZDI-CAN-16702 Advantech CVE-2022-2139 9.8 June 30, 2022 Advantech iView findCfgDeviceListDetailsExport filename Directory Traversal Remote Code Execution Vulnerability ZDI-22-931 ZDI-CAN-16701 Advantech CVE-2022-2139 9.8 June 30, 2022 Advantech iView exportDeviceList filename Directory Traversal Remote Code Execution Vulnerability ZDI-22-930 ZDI-CAN-16774 Advantech CVE-2022-2138 8.2 June 30, 2022 Advantech iView removeDevices Missing Authentication Denial-of-Service Vulnerability ZDI-22-929 ZDI-CAN-16776 Advantech CVE-2022-2138 8.2 June 30, 2022 Advantech iView removeSegment Missing Authentication Denial-of-Service Vulnerability ZDI-22-928 ZDI-CAN-16688 Advantech CVE-2022-2138 8.2 June 30, 2022 Advantech iView NetworkServlet clearDatabase Missing Authentication Denial-of-Service Vulnerability ZDI-22-927 ZDI-CAN-16746 Advantech CVE-2022-2137 4.9 June 30, 2022 Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability ZDI-22-926 ZDI-CAN-16745 Advantech CVE-2022-2137 4.9 June 30, 2022 Advantech iView addDeviceTreeItem SQL Injection Information Disclosure Vulnerability ZDI-22-925 ZDI-CAN-16772 Advantech CVE-2022-2136 6.5 June 30, 2022 Advantech iView updateSystemSettings SQL Injection Information Disclosure Vulnerability ZDI-22-924 ZDI-CAN-16771 Advantech CVE-2022-2136 6.5 June 30, 2022 Advantech iView updateLDAPSettings SQL Injection Information Disclosure Vulnerability ZDI-22-923 ZDI-CAN-16775 Advantech CVE-2022-2136 6.5 June 30, 2022 Advantech iView exportInventoryTable SQL Injection Information Disclosure Vulnerability ZDI-22-922 ZDI-CAN-16752 Advantech CVE-2022-2136 8.8 June 30, 2022 Advantech iView exportTaskMgrReport col_list2 SQL Injection Remote Code Execution Vulnerability ZDI-22-921 ZDI-CAN-16744 Advantech CVE-2022-2136 8.8 June 30, 2022 Advantech iView exportPSInventoryTable SQL Injection Remote Code Execution Vulnerability ZDI-22-920 ZDI-CAN-16748 Advantech CVE-2022-2136 8.8 June 30, 2022 Advantech iView updatePROMFile ipaddress SQL Injection Remote Code Execution Vulnerability ZDI-22-919 ZDI-CAN-16750 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView setTaskEditorItem DESCRIPTION SQL Injection Remote Code Execution Vulnerability ZDI-22-918 ZDI-CAN-16529 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView performListSortUpdate SORT_ORDER SQL Injection Information Disclosure Vulnerability ZDI-22-917 ZDI-CAN-16535 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView updateSegmentInfo ID SQL Injection Information Disclosure Vulnerability ZDI-22-916 ZDI-CAN-16561 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView updatePROMSelect SQL Injection Information Disclosure Vulnerability ZDI-22-915 ZDI-CAN-16585 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView updatePROMFilesWithLogin SQL Injection Information Disclosure Vulnerability ZDI-22-914 ZDI-CAN-16562 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView updateCfgFileSelect CREATE_DATE SQL Injection Information Disclosure Vulnerability ZDI-22-913 ZDI-CAN-16591 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView setTaskMgrItem SQL Injection Information Disclosure Vulnerability ZDI-22-912 ZDI-CAN-16751 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView setTaskEditorItem TASKTYPEDESC SQL Injection Information Disclosure Vulnerability ZDI-22-911 ZDI-CAN-16531 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView setConfiguration column_value SQL Injection Information Disclosure Vulnerability ZDI-22-910 ZDI-CAN-16659 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView saveSearchDevicesToTask CREATE_DATE SQL Injection Information Disclosure Vulnerability ZDI-22-909 ZDI-CAN-16660 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView savePSInfo dtInstallDate SQL Injection Information Disclosure Vulnerability ZDI-22-908 ZDI-CAN-16747 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView saveEditDeviceValues SQL Injection Information Disclosure Vulnerability ZDI-22-907 ZDI-CAN-16549 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView runTaskEditorSearch sortname/sortorder SQL Injection Information Disclosure Vulnerability ZDI-22-906 ZDI-CAN-16546 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView retrieveAllTaskMgrUpdateItems sort_field/sort_type SQL Injection Information Disclosure Vulnerability ZDI-22-905 ZDI-CAN-16583 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView restoreDatabase restore_filename SQL Injection Authentication Bypass Vulnerability ZDI-22-904 ZDI-CAN-16592 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView removeSearchDevicesFromTask CREATE_DATE SQL Injection Information Disclosure Vulnerability ZDI-22-903 ZDI-CAN-16724 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView performZTPConfig SQL Injection Remote Code Execution Vulnerability ZDI-22-902 ZDI-CAN-16731 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView performSearchDevice SQL Injection Information Disclosure Vulnerability ZDI-22-901 ZDI-CAN-16530 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView performListSortUpdate DB_COLUMN SQL Injection Information Disclosure Vulnerability ZDI-22-900 ZDI-CAN-16548 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView getPSInventoryInfo sortname/sortorder SQL Injection Information Disclosure Vulnerability ZDI-22-899 ZDI-CAN-16545 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView getInventoryReportData sortname/sortorder SQL Injection Information Disclosure Vulnerability ZDI-22-898 ZDI-CAN-16693 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView getChassisList strIPAddress SQL Injection Remote Code Execution Vulnerability ZDI-22-897 ZDI-CAN-16695 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView getChassisList SQL Injection Remote Code Execution Vulnerability ZDI-22-896 ZDI-CAN-16694 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView getChassisList SQL Injection Remote Code Execution Vulnerability ZDI-22-895 ZDI-CAN-16544 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView getAllActiveTraps search_date_from/search_date_to SQL Injection Remote Code Execution Vulnerability ZDI-22-894 ZDI-CAN-16649 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findUpdateDeviceListExport sort_type/search_json SQL Injection Information Disclosure Vulnerability ZDI-22-893 ZDI-CAN-16648 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findUpdateDeviceList sort_field/sort_type SQL Injection Information Disclosure Vulnerability ZDI-22-892 ZDI-CAN-16547 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findTaskMgrItems sort_field/sort_type SQL Injection Information Disclosure Vulnerability ZDI-22-891 ZDI-CAN-16564 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findSummaryUpdateDeviceListExport VALUE SQL Injection Information Disclosure Vulnerability ZDI-22-890 ZDI-CAN-16656 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findSummaryUpdateDeviceList VALUE SQL Injection Information Disclosure Vulnerability ZDI-22-889 ZDI-CAN-16550 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView findSummaryUpdateDeviceList COLUMN/VALUE SQL Injection Remote Code Execution Vulnerability ZDI-22-888 ZDI-CAN-16563 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findSummaryCfgDeviceListExport VALUE SQL Injection Information Disclosure Vulnerability ZDI-22-887 ZDI-CAN-16645 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findSummaryCfgDeviceList VALUE SQL Injection Information Disclosure Vulnerability ZDI-22-886 ZDI-CAN-16560 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findCfgDeviceListExport segment SQL Injection Information Disclosure Vulnerability ZDI-22-885 ZDI-CAN-16584 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findCfgDeviceListDetailsExport segment SQL Injection Information Disclosure Vulnerability ZDI-22-884 ZDI-CAN-16658 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findCfgDeviceListDetails segment/sort_field/sort_type SQL Injection Information Disclosure Vulnerability ZDI-22-883 ZDI-CAN-16646 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView findCfgDeviceList VALUE SQL Injection Information Disclosure Vulnerability ZDI-22-882 ZDI-CAN-16647 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView findCfgDeviceList segment SQL Injection Remote Code Execution Vulnerability ZDI-22-881 ZDI-CAN-16552 Advantech CVE-2022-2135 9.8 June 30, 2022 Advantech iView findCfgDeviceList COLUMN/VALUE SQL Injection Remote Code Execution Vulnerability ZDI-22-880 ZDI-CAN-16782 Advantech CVE-2022-2135 7.5 June 30, 2022 Advantech iView DeviceTreeTable addDeviceTreeItem SQL Injection Information Disclosure Vulnerability ZDI-22-879 ZDI-CAN-14791 ZyXel CVE-2022-0556 7.3 June 29, 2022 ZyXel AP Configurator Incorrect Permission Assignment Local Privilege Escalation Vulnerability ZDI-22-878 ZDI-CAN-16111 Apple CVE-2022-22676 5.5 June 29, 2022 Apple macOS PackageKit PKInstallService Directory Traversal System Integrity Protection Bypass Vulnerability ZDI-22-877 ZDI-CAN-16052 Apple CVE-2022-26688 5.5 June 29, 2022 Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability ZDI-22-876 ZDI-CAN-16119 Apache CVE-2022-22721 8.1 June 29, 2022 Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability ZDI-22-875 ZDI-CAN-16322 ABB CVE-2022-28702 6.1 June 29, 2022 ABB e-Design Link Following Denial-of-Service Vulnerability ZDI-22-874 ZDI-CAN-16278 ABB CVE-2022-29483 7.8 June 29, 2022 ABB e-Design Link Following Local Privilege Escalation Vulnerability ZDI-22-873 ZDI-CAN-16441 Prosys OPC CVE-2022-30551 7.5 June 27, 2022 (Pwn2Own) Prosys OPC UA SDK for Java OPC UA Messages Resource Exhaustion Denial-of-Service Vulnerability ZDI-22-872 ZDI-CAN-16710 DevExpress CVE-2022-28684 8.8 June 24, 2022 DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-871 ZDI-CAN-17014 Microsoft CVE-2022-30157 8.8 June 23, 2022 Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-870 ZDI-CAN-16006 SAP CVE-2022-26106 7.8 June 17, 2022 SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-869 ZDI-CAN-15996 SAP CVE-2022-27655 7.8 June 17, 2022 SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-868 ZDI-CAN-15995 SAP CVE-2022-27655 7.8 June 17, 2022 SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-867 ZDI-CAN-15994 SAP CVE-2022-27655 7.8 June 17, 2022 SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-866 ZDI-CAN-16007 SAP CVE-2022-27655 7.8 June 17, 2022 SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-865 ZDI-CAN-16279 SAP CVE-2022-26106 7.8 June 16, 2022 SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-864 ZDI-CAN-16274 SAP CVE-2022-26108 7.8 June 16, 2022 SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-863 ZDI-CAN-16273 SAP CVE-2022-27654 7.8 June 16, 2022 SAP 3D Visual Enterprise Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-862 ZDI-CAN-16272 SAP CVE-2022-26108 7.8 June 16, 2022 SAP 3D Visual Enterprise Viewer PCX File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-861 ZDI-CAN-16002 SAP CVE-2022-26107 7.8 June 16, 2022 June 17, 2022 SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-860 ZDI-CAN-15999 SAP CVE-2022-22538 7.8 June 16, 2022 SAP 3D Visual Enterprise Viewer AI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-859 ZDI-CAN-15997 SAP CVE-2022-22539 7.8 June 16, 2022 July 11, 2022 SAP 3D Visual Enterprise Viewer JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-858 ZDI-CAN-14735 SAP CVE-2022-26109 7.8 June 16, 2022 SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-857 ZDI-CAN-14733 SAP CVE-2022-26109 7.8 June 16, 2022 SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-856 ZDI-CAN-17205 OPC Foundation CVE-2022-29865 9.1 June 16, 2022 June 16, 2022 (Pwn2Own) OPC Foundation UA .NET Standard Improper Input Validation Authentication Bypass Vulnerability ZDI-22-855 ZDI-CAN-17197 OPC Foundation CVE-2022-29866 7.5 June 16, 2022 June 16, 2022 (Pwn2Own) OPC Foundation UA .NET Standard TranslateBrowsePathsToNodeId Resource Exhaustion Denial-of-Service Vulnerability ZDI-22-854 ZDI-CAN-16440 OPC Foundation CVE-2022-29864 7.5 June 16, 2022 June 22, 2022 (Pwn2Own) OPC Foundation UA .NET Standard Resource Exhaustion Denial-of-Service Vulnerability ZDI-22-853 ZDI-CAN-16303 Trend Micro CVE-2022-33158 7.8 June 16, 2022 Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability ZDI-22-852 ZDI-CAN-16485 Adobe CVE-2022-30664 7.8 June 15, 2022 Adobe Animate SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-851 ZDI-CAN-16467 Adobe CVE-2022-30665 7.8 June 15, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-850 ZDI-CAN-16465 Adobe CVE-2022-30663 7.8 June 15, 2022 Adobe InDesign SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-849 ZDI-CAN-16466 Adobe CVE-2022-30662 7.8 June 15, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-848 ZDI-CAN-16462 Adobe CVE-2022-30661 7.8 June 15, 2022 Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-847 ZDI-CAN-16464 Adobe CVE-2022-30660 7.8 June 15, 2022 Adobe InDesign PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-846 ZDI-CAN-16461 Adobe CVE-2022-30659 7.8 June 15, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-845 ZDI-CAN-16463 Adobe CVE-2022-30658 7.8 June 15, 2022 Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-844 ZDI-CAN-17072 Adobe CVE-2022-28850 3.3 June 15, 2022 Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-843 ZDI-CAN-17081 Adobe CVE-2022-28849 7.8 June 15, 2022 Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-842 ZDI-CAN-16567 Adobe CVE-2022-28848 7.8 June 15, 2022 Adobe Bridge PCX File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-841 ZDI-CAN-16476 Adobe CVE-2022-28847 7.8 June 15, 2022 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-840 ZDI-CAN-16481 Adobe CVE-2022-28846 7.8 June 15, 2022 Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-839 ZDI-CAN-16494 Adobe CVE-2022-28845 7.8 June 15, 2022 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-838 ZDI-CAN-16484 Adobe CVE-2022-28844 7.8 June 15, 2022 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-837 ZDI-CAN-16482 Adobe CVE-2022-28843 7.8 June 15, 2022 Adobe Bridge Font Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-836 ZDI-CAN-16493 Adobe CVE-2022-28842 7.8 June 15, 2022 Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-835 ZDI-CAN-16491 Adobe CVE-2022-28841 7.8 June 15, 2022 Adobe Bridge Font Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-834 ZDI-CAN-16483 Adobe CVE-2022-28840 7.8 June 15, 2022 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-833 ZDI-CAN-16492 Adobe CVE-2022-28839 7.8 June 15, 2022 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-832 ZDI-CAN-16459 Adobe CVE-2022-30657 7.8 June 15, 2022 Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-831 ZDI-CAN-16456 Adobe CVE-2022-30656 7.8 June 15, 2022 Adobe InCopy PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-830 ZDI-CAN-16460 Adobe CVE-2022-30655 7.8 June 15, 2022 Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-829 ZDI-CAN-16455 Adobe CVE-2022-30654 7.8 June 15, 2022 Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-828 ZDI-CAN-16453 Adobe CVE-2022-30653 7.8 June 15, 2022 Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-827 ZDI-CAN-16457 Adobe CVE-2022-30652 7.8 June 15, 2022 Adobe InCopy SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-826 ZDI-CAN-16458 Adobe CVE-2022-30651 7.8 June 15, 2022 Adobe InCopy Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-825 ZDI-CAN-16454 Adobe CVE-2022-30650 7.8 June 15, 2022 Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-824 ZDI-CAN-16452 Adobe CVE-2022-30648 7.8 June 15, 2022 Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-823 ZDI-CAN-16450 Adobe CVE-2022-30647 7.8 June 15, 2022 Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-822 ZDI-CAN-16451 Adobe CVE-2022-30646 7.8 June 15, 2022 Adobe Illustrator Font Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-821 ZDI-CAN-16448 Adobe CVE-2022-30644 7.8 June 15, 2022 Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-820 ZDI-CAN-16449 Adobe CVE-2022-30643 7.8 June 15, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-819 ZDI-CAN-16436 Adobe CVE-2022-30642 7.8 June 15, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-818 ZDI-CAN-16444 Adobe CVE-2022-30641, CVE-2022-30645 7.8 June 15, 2022 Adobe Illustrator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-817 ZDI-CAN-16489 Adobe CVE-2022-30640 7.8 June 15, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-816 ZDI-CAN-16488 Adobe CVE-2022-30639 7.8 June 15, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-815 ZDI-CAN-16487 Adobe CVE-2022-30638 7.8 June 15, 2022 Adobe Illustrator Font Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-814 ZDI-CAN-16490 Adobe CVE-2022-30637 7.8 June 15, 2022 Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-813 ZDI-CAN-15443 Microsoft CVE-2021-43875 7.0 June 2, 2022 Microsoft Word glTF-SDK Integer Overflow Remote Code Execution Vulnerability ZDI-22-812 ZDI-CAN-16125 Apple CVE-2022-26698 3.3 May 26, 2022 June 2, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-811 ZDI-CAN-16024 Apple CVE-2022-22583 5.5 June 2, 2022 June 2, 2022 Apple macOS PackageKit PKInstallSandbox SIP Bypass vulnerability ZDI-22-810 ZDI-CAN-16065 Microsoft CVE-2022-24499 7.8 June 1, 2022 Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability ZDI-22-809 ZDI-CAN-16249 Microsoft CVE-2022-26901 7.8 June 1, 2022 Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-808 ZDI-CAN-15973 Microsoft CVE-2022-24479 7.8 June 1, 2022 Microsoft Windows DiagTrack Service Link Following Privilege Escalation Vulnerability ZDI-22-807 ZDI-CAN-15294 Microsoft CVE-2022-24513 8.4 June 1, 2022 Microsoft Visual Studio VSIX Auto Update Deserialization of Untrusted Data Privilege Escalation Vulnerability ZDI-22-806 ZDI-CAN-15980 FreeBSD CVE-2022-23088 8.3 May 31, 2022 FreeBSD 802.11 Network Subsystem Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-805 ZDI-CAN-15525 KeySight CVE-2022-1661 7.5 May 27, 2022 KeySight N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Information Disclosure Vulnerability ZDI-22-804 ZDI-CAN-15470 KeySight CVE-2022-1660 9.8 May 27, 2022 KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-803 ZDI-CAN-15636 Cisco CVE-2022-20753 4.3 May 27, 2022 Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-802 ZDI-CAN-15634 Cisco CVE-2022-20753 4.3 May 27, 2022 Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-801 ZDI-CAN-15757 Trend Micro CVE-2022-30703 6.5 May 27, 2022 Trend Micro Internet Security Exposed Dangerous Method Information Disclosure Vulnerability ZDI-22-800 ZDI-CAN-15756 Trend Micro CVE-2022-30702 7.3 May 27, 2022 Trend Micro Internet Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-799 ZDI-CAN-17469 Mozilla CVE-2022-1802 8.8 May 27, 2022 (Pwn2Own) Mozilla Firefox Top-Level Await Prototype Pollution Remote Code Execution Vulnerability ZDI-22-798 ZDI-CAN-17418 Mozilla CVE-2022-1529 7.8 May 27, 2022 (Pwn2Own) Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability ZDI-22-797 ZDI-CAN-16098 Trend Micro CVE-2022-30701 7.8 May 26, 2022 Trend Micro Apex One Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-22-796 ZDI-CAN-14481 Delta Industrial Automation CVE-2022-1403 7.8 May 26, 2022 Delta Industrial Automation ASDA-Soft PAR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-795 ZDI-CAN-14471 Delta Industrial Automation CVE-2022-1402 7.8 May 26, 2022 Delta Industrial Automation ASDA-Soft SCP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-794 ZDI-CAN-16806 Apple CVE-2022-26751 7.8 May 26, 2022 Apple macOS HEIC File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-793 ZDI-CAN-16206 Apple CVE-2022-26748 8.8 May 26, 2022 Apple Safari WebGL generateMipmap Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-792 ZDI-CAN-16158 Apple CVE-2022-26711 7.8 May 26, 2022 Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability ZDI-22-791 ZDI-CAN-16073 Apple CVE-2022-26697 3.3 May 26, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-790 ZDI-CAN-15738 Trend Micro CVE-2022-30700 7.8 May 26, 2022 Trend Micro Apex One Incorrect Permission Assignment Local Privilege Escalation Vulnerability ZDI-22-789 ZDI-CAN-15739 Trend Micro CVE-2022-30687 6.1 May 26, 2022 Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability ZDI-22-788 ZDI-CAN-15919 Ivanti CVE-2022-36983 7.5 May 26, 2022 July 27, 2022 Ivanti Avalanche SetSettings Exposed Dangerous Function Authentication Bypass Vulnerability ZDI-22-787 ZDI-CAN-15967 Ivanti CVE-2022-36982 6.5 May 26, 2022 July 27, 2022 Ivanti Avalanche AgentTaskHandler Directory Traversal Information Disclosure Vulnerability ZDI-22-786 ZDI-CAN-15966 Ivanti CVE-2022-36981 8.8 May 26, 2022 July 27, 2022 Ivanti Avalanche DeviceLogResource Directory Traversal Remote Code Execution Vulnerability ZDI-22-785 ZDI-CAN-15528 Ivanti CVE-2022-36980 9.4 May 26, 2022 July 27, 2022 Ivanti Avalanche EnterpriseServer Service Race Condition Authentication Bypass Vulnerability ZDI-22-784 ZDI-CAN-15493 Ivanti CVE-2022-36979 7.5 May 26, 2022 July 27, 2022 Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability ZDI-22-783 ZDI-CAN-15448 Ivanti CVE-2022-36978 9.8 May 26, 2022 July 27, 2022 Ivanti Avalanche Notification Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-782 ZDI-CAN-15449 Ivanti CVE-2022-36977 9.8 May 26, 2022 July 27, 2022 Ivanti Avalanche Certificate Management Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-781 ZDI-CAN-15333 Ivanti CVE-2022-36976 9.1 May 26, 2022 July 27, 2022 Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability ZDI-22-780 ZDI-CAN-15332 Ivanti CVE-2022-36975 9.1 May 26, 2022 July 27, 2022 Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability ZDI-22-779 ZDI-CAN-15330 Ivanti CVE-2022-36974 9.8 May 26, 2022 July 27, 2022 Ivanti Avalanche Web File Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-778 ZDI-CAN-15329 Ivanti CVE-2022-36973 9.1 May 26, 2022 July 27, 2022 Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability ZDI-22-777 ZDI-CAN-15328 Ivanti CVE-2022-36972 9.1 May 26, 2022 July 27, 2022 Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability ZDI-22-776 ZDI-CAN-15301 Ivanti CVE-2022-36971 9.8 May 26, 2022 July 27, 2022 Ivanti Avalanche JwtTokenUtility Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-775 ZDI-CAN-15690 Autodesk CVE-2022-25793 7.8 May 26, 2022 Autodesk 3DS Max ABC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-774 ZDI-CAN-16828 Foxit CVE-2022-28683 7.8 May 12, 2022 Foxit PDF Reader deletePages Use-After-Free Remote Code Execution Vulnerability ZDI-22-773 ZDI-CAN-16778 Foxit CVE-2022-28682 7.8 May 12, 2022 Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-772 ZDI-CAN-16825 Foxit CVE-2022-28681 2.5 May 12, 2022 Foxit PDF Reader deletePages Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-771 ZDI-CAN-16821 Foxit CVE-2022-28680 7.8 May 12, 2022 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-770 ZDI-CAN-16861 Foxit CVE-2022-28679 7.8 May 12, 2022 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-769 ZDI-CAN-16805 Foxit CVE-2022-28678 7.8 May 12, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-768 ZDI-CAN-16663 Foxit CVE-2022-28677 7.8 May 12, 2022 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-767 ZDI-CAN-16643 Foxit CVE-2022-28676 7.8 May 12, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-766 ZDI-CAN-16642 Foxit CVE-2022-28675 7.8 May 12, 2022 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-765 ZDI-CAN-16644 Foxit CVE-2022-28674 7.8 May 12, 2022 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-764 ZDI-CAN-16641 Foxit CVE-2022-28673 7.8 May 12, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-763 ZDI-CAN-16640 Foxit CVE-2022-28672 7.8 May 12, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-762 ZDI-CAN-16639 Foxit CVE-2022-28671 7.8 May 12, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-761 ZDI-CAN-16523 Foxit CVE-2022-28670 3.3 May 12, 2022 Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-760 ZDI-CAN-16420 Foxit CVE-2022-28669 7.8 May 12, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-759 ZDI-CAN-16159 Trend Micro CVE-2022-30523 7.8 May 11, 2022 Trend Micro Password Manager Link Following Privilege Escalation Vulnerability ZDI-22-758 ZDI-CAN-15803 NETGEAR 8.8 May 10, 2022 May 11, 2022 (Pwn2Own) NETGEAR R6700v3 Vulnerable Third-Party Component Remote Code Execution Vulnerability ZDI-22-757 ZDI-CAN-16083 Apple CVE-2022-22597 3.3 April 28, 2022 May 11, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-756 ZDI-CAN-15635 Cisco CVE-2022-20753 4.3 May 10, 2022 Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-755 ZDI-CAN-17065 Adobe CVE-2022-28829 7.8 May 10, 2022 Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-754 ZDI-CAN-17012 Adobe CVE-2022-28837 3.3 May 10, 2022 Adobe Acrobat Pro DC Doc buttonSetIcon Use-After-Free Information Disclosure Vulnerability ZDI-22-753 ZDI-CAN-17000 Adobe CVE-2022-28838 7.8 May 10, 2022 Adobe Acrobat Pro DC Doc flattenPages Use-After-Free Remote Code Execution Vulnerability ZDI-22-752 ZDI-CAN-16515 Adobe CVE-2022-28819 7.8 May 10, 2022 Adobe Character Animator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-751 ZDI-CAN-16503 Adobe CVE-2022-28831 7.8 May 10, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-750 ZDI-CAN-16502 Adobe CVE-2022-28833 7.8 May 10, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-749 ZDI-CAN-16501 Adobe CVE-2022-28832 7.8 May 10, 2022 Adobe InDesign Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-748 ZDI-CAN-16500 Adobe CVE-2022-28834 7.8 May 10, 2022 Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-747 ZDI-CAN-16499 Adobe CVE-2022-28836 7.8 May 10, 2022 Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-746 ZDI-CAN-16498 Adobe CVE-2022-28835 7.8 May 10, 2022 Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-745 ZDI-CAN-16497 Adobe CVE-2022-28823 7.8 May 10, 2022 Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-744 ZDI-CAN-16496 Adobe CVE-2022-28822 7.8 May 10, 2022 Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-743 ZDI-CAN-16495 Adobe CVE-2022-28824 7.8 May 10, 2022 Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-742 ZDI-CAN-16432 Adobe CVE-2022-28828 7.8 May 10, 2022 Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Code Execution Vulnerability ZDI-22-741 ZDI-CAN-16431 Adobe CVE-2022-28827 7.8 May 10, 2022 Adobe FrameMaker SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-740 ZDI-CAN-16430 Adobe CVE-2022-28830 3.3 May 10, 2022 Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-739 ZDI-CAN-16429 Adobe CVE-2022-28821 7.8 May 10, 2022 Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-738 ZDI-CAN-16428 Adobe CVE-2022-28825 7.8 May 10, 2022 Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-737 ZDI-CAN-16427 Adobe CVE-2022-28826 7.8 May 10, 2022 Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-736 ZDI-CAN-16218 Microsoft CVE-2022-29114 5.5 May 10, 2022 Microsoft Windows Print Spooler Service Directory Traversal Information Disclosure Vulnerability ZDI-22-735 ZDI-CAN-16215 Microsoft CVE-2022-29140 5.5 May 10, 2022 Microsoft Windows Print Spooler Service Directory Traversal Information Disclosure Vulnerability ZDI-22-734 ZDI-CAN-16251 Microsoft CVE-2022-29104 7.0 May 10, 2022 Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability ZDI-22-733 ZDI-CAN-16189 Microsoft CVE-2022-29148 7.8 May 10, 2022 Microsoft Visual Studio DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-732 ZDI-CAN-16228 Microsoft CVE-2022-30138 7.0 May 10, 2022 June 10, 2022 Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability ZDI-22-731 ZDI-CAN-16507 Microsoft CVE-2022-29105 8.8 May 10, 2022 Microsoft Windows Media Foundation AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-730 ZDI-CAN-16229 Microsoft CVE-2022-29104 7.0 May 10, 2022 Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability ZDI-22-729 ZDI-CAN-16168 Microsoft CVE-2022-26923 9.0 May 10, 2022 Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability ZDI-22-728 ZDI-CAN-15915 Microsoft CVE-2022-26927 9.6 May 10, 2022 Microsoft Windows OpenType Font File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-727 ZDI-CAN-15914 Microsoft CVE-2022-24542 8.8 May 10, 2022 Microsoft Windows Kernel Bitmap Surface Untrusted Pointer Dereference Privilege Escalation Vulnerability ZDI-22-726 ZDI-CAN-15974 Microsoft CVE-2022-24550 7.8 May 10, 2022 Microsoft Windows CreateObjectHandler Deserialization of Untrusted Data Local Privilege Escalation Vulnerability ZDI-22-725 ZDI-CAN-17077 Adobe CVE-2022-24099 3.3 May 9, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-724 ZDI-CAN-15637 Cisco CVE-2022-20801 4.3 May 9, 2022 Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability ZDI-22-723 ZDI-CAN-15633 Cisco CVE-2022-20801 4.3 May 9, 2022 Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability ZDI-22-722 ZDI-CAN-16042 Autodesk 7.8 May 10, 2022 May 10, 2022 (0Day) Autodesk Navisworks Manage SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-721 ZDI-CAN-15689 Autodesk CVE-2022-27532 7.8 May 10, 2022 May 16, 2022 (0Day) Autodesk 3DS Max TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-720 ZDI-CAN-15687 Autodesk CVE-2022-27532 7.8 May 10, 2022 May 16, 2022 (0Day) Autodesk 3DS Max TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-719 ZDI-CAN-15677 Autodesk CVE-2022-27532 7.8 May 10, 2022 May 16, 2022 (0Day) Autodesk 3DS Max TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-718 ZDI-CAN-15178 Rockwell Automation 5.5 May 9, 2022 May 10, 2022 (0Day) Rockwell Automation ISaGRAF isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-717 ZDI-CAN-16164 Zoom CVE-2022-22782 7.8 May 9, 2022 Zoom Client Link Following Local Privilege Escalation Vulnerability ZDI-22-716 ZDI-CAN-16162 Zoom CVE-2022-22782 7.8 May 9, 2022 Zoom Client Link Following Local Privilege Escalation Vulnerability ZDI-22-715 ZDI-CAN-16076 Apple CVE-2022-22648 3.3 April 28, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-714 ZDI-CAN-16074 Apple CVE-2022-22627 3.3 April 28, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-713 ZDI-CAN-16072 Apple CVE-2022-22648 3.3 April 28, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-712 ZDI-CAN-16084 Apple CVE-2022-22625 3.3 April 28, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-711 ZDI-CAN-16075 Apple CVE-2022-22626 3.3 April 28, 2022 Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-710 ZDI-CAN-15543 Autodesk CVE-2022-25794 7.8 April 28, 2022 Autodesk FBX Review ABC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-709 ZDI-CAN-16407 Oracle CVE-2022-21490 9.8 April 28, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-708 ZDI-CAN-16408 Oracle CVE-2022-21489 9.8 April 28, 2022 Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability ZDI-22-707 ZDI-CAN-16406 Oracle CVE-2022-21482 9.8 April 28, 2022 Oracle MySQL Cluster Data Node Integer Overflow Remote Code Execution Vulnerability ZDI-22-706 ZDI-CAN-16704 Oracle CVE-2022-21486 6.5 April 28, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-705 ZDI-CAN-16703 Oracle CVE-2022-21485 6.5 April 28, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-704 ZDI-CAN-16409 Oracle CVE-2022-21484 6.5 April 28, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-703 ZDI-CAN-16445 Oracle CVE-2022-21483 9.8 April 28, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-702 ZDI-CAN-14479 Delta Industrial Automation 5.5 April 28, 2022 (0Day) Delta Industrial Automation DRAS Project File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-701 ZDI-CAN-14654 Delta Industrial Automation 5.5 April 28, 2022 (0Day) Delta Industrial Automation DRAS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-700 ZDI-CAN-14653 Delta Industrial Automation 5.5 April 28, 2022 (0Day) Delta Industrial Automation DRAS XML Point File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-699 ZDI-CAN-14480 Delta Industrial Automation CVE-2022-1331 5.5 April 28, 2022 Delta Industrial Automation DMARS Project File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-698 ZDI-CAN-14651 Delta Industrial Automation CVE-2022-1331 5.5 April 28, 2022 Delta Industrial Automation DMARS Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-697 ZDI-CAN-14650 Delta Industrial Automation CVE-2022-1331 5.5 April 28, 2022 Delta Industrial Automation DMARS ScopeConfig File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-696 ZDI-CAN-14647 Delta Industrial Automation CVE-2022-1331 5.5 April 28, 2022 Delta Industrial Automation DMARS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-695 ZDI-CAN-16132 Adobe CVE-2022-28271 7.8 April 28, 2022 Adobe Photoshop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-694 ZDI-CAN-17069 Adobe CVE-2022-23205 7.8 April 28, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-693 ZDI-CAN-16725 Adobe CVE-2022-28240 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-692 ZDI-CAN-16708 Adobe CVE-2022-28268 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-691 ZDI-CAN-16707 Adobe CVE-2022-28239 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-690 ZDI-CAN-16579 Adobe CVE-2022-28269 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability ZDI-22-689 ZDI-CAN-16553 Adobe CVE-2022-28236 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-688 ZDI-CAN-16537 Adobe CVE-2022-28235 7.8 April 28, 2022 Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-687 ZDI-CAN-16536 Adobe CVE-2022-28237 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-686 ZDI-CAN-16534 Adobe CVE-2022-27800 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-685 ZDI-CAN-16533 Adobe CVE-2022-27802 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-684 ZDI-CAN-16404 Adobe CVE-2022-28230 7.8 April 28, 2022 Adobe Acrobat Pro DC AcroForm calculateNow Use-After-Free Remote Code Execution Vulnerability ZDI-22-683 ZDI-CAN-16385 Adobe CVE-2022-28232 3.3 April 28, 2022 Adobe Acrobat Reader DC Collab Object Use-After-Free Information Disclosure Vulnerability ZDI-22-682 ZDI-CAN-16375 Adobe CVE-2022-27801 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-681 ZDI-CAN-16374 Adobe CVE-2022-27797 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-680 ZDI-CAN-16373 Adobe CVE-2022-28233 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-679 ZDI-CAN-16353 Adobe CVE-2022-27796 7.8 April 28, 2022 Adobe Acrobat Pro DC AcroForm isBoxChecked Use-After-Free Remote Code Execution Vulnerability ZDI-22-678 ZDI-CAN-16352 Adobe CVE-2022-27795 7.8 April 28, 2022 Adobe Acrobat Pro DC AcroForm isDefaultChecked Use-After-Free Remote Code Execution Vulnerability ZDI-22-677 ZDI-CAN-16349 Adobe CVE-2022-27799 7.8 April 28, 2022 Adobe Acrobat Pro DC AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-676 ZDI-CAN-16348 Adobe CVE-2022-27798 7.8 April 28, 2022 Adobe Acrobat Reader DC zoomType Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-675 ZDI-CAN-16298 Adobe CVE-2022-27786 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-674 ZDI-CAN-16293 Adobe CVE-2022-27785 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-673 ZDI-CAN-16292 Adobe CVE-2022-27788 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-672 ZDI-CAN-16291 Adobe CVE-2022-27787 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-671 ZDI-CAN-16095 Adobe CVE-2022-27790 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-670 ZDI-CAN-16053 Adobe CVE-2022-28231 3.3 April 28, 2022 Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-669 ZDI-CAN-16705 Adobe CVE-2022-28245 3.3 April 28, 2022 Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-668 ZDI-CAN-16865 Adobe CVE-2022-28256 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability ZDI-22-667 ZDI-CAN-16864 Adobe CVE-2022-28250 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability ZDI-22-666 ZDI-CAN-16863 Adobe CVE-2022-28251 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-665 ZDI-CAN-16817 Adobe CVE-2022-28241 7.8 April 28, 2022 Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-664 ZDI-CAN-16809 Adobe CVE-2022-28242 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-663 ZDI-CAN-16803 Adobe CVE-2022-28243 7.8 April 28, 2022 Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-662 ZDI-CAN-16794 Adobe CVE-2022-28252 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-661 ZDI-CAN-16793 Adobe CVE-2022-28253 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-660 ZDI-CAN-16792 Adobe CVE-2022-28254 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-659 ZDI-CAN-16791 Adobe CVE-2022-28255 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-658 ZDI-CAN-16790 Adobe CVE-2022-28257 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-657 ZDI-CAN-16789 Adobe CVE-2022-28265 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-656 ZDI-CAN-16788 Adobe CVE-2022-28258 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-655 ZDI-CAN-16787 Adobe CVE-2022-28263 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-654 ZDI-CAN-16786 Adobe CVE-2022-28259 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-653 ZDI-CAN-16785 Adobe CVE-2022-28267 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-652 ZDI-CAN-16784 Adobe CVE-2022-28264 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-651 ZDI-CAN-16757 Adobe CVE-2022-28262 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-650 ZDI-CAN-16756 Adobe CVE-2022-28260 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-649 ZDI-CAN-16755 Adobe CVE-2022-28261 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-648 ZDI-CAN-16754 Adobe CVE-2022-28266 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-647 ZDI-CAN-16734 Adobe CVE-2022-28248 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-646 ZDI-CAN-16730 Adobe CVE-2022-28246 3.3 April 28, 2022 Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-645 ZDI-CAN-16711 Adobe CVE-2022-28249 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-644 ZDI-CAN-16538 Adobe CVE-2022-28238 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-643 ZDI-CAN-16506 Adobe CVE-2022-28272 7.8 April 28, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-642 ZDI-CAN-16505 Adobe CVE-2022-28273 7.8 April 28, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-641 ZDI-CAN-16504 Adobe CVE-2022-28274 7.8 April 28, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-640 ZDI-CAN-16475 Adobe CVE-2022-28279 7.8 April 28, 2022 Adobe Photoshop Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-639 ZDI-CAN-16474 Adobe CVE-2022-28275 7.8 April 28, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-638 ZDI-CAN-16473 Adobe CVE-2022-28278 7.8 April 28, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-637 ZDI-CAN-16472 Adobe CVE-2022-28277 7.8 April 28, 2022 Adobe Photoshop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-636 ZDI-CAN-16471 Adobe CVE-2022-28276 7.8 April 28, 2022 Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-635 ZDI-CAN-16414 Adobe CVE-2022-24098 7.8 April 28, 2022 Adobe Photoshop PCX File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-634 ZDI-CAN-16410 Adobe CVE-2022-24105 7.8 April 28, 2022 Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-633 ZDI-CAN-16183 Adobe CVE-2022-27789 7.8 April 28, 2022 Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-632 ZDI-CAN-16131 Adobe CVE-2022-28270 7.8 April 28, 2022 Adobe Photoshop SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-631 ZDI-CAN-16096 Adobe CVE-2022-27794 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-630 ZDI-CAN-16091 Adobe CVE-2022-27792 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-629 ZDI-CAN-16090 Adobe CVE-2022-27793 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-628 ZDI-CAN-16089 Adobe CVE-2022-27791 7.8 April 28, 2022 Adobe Acrobat Reader DC Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-627 ZDI-CAN-16025 Adobe CVE-2022-24101 3.3 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability ZDI-22-626 ZDI-CAN-15838 Adobe CVE-2022-24102 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-625 ZDI-CAN-15763 Adobe CVE-2022-24104 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-624 ZDI-CAN-15809 Adobe CVE-2022-24103 7.8 April 28, 2022 Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-623 ZDI-CAN-15592 Siemens CVE-2022-28663 7.8 April 28, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-622 ZDI-CAN-16679 Sante CVE-2022-28668 7.8 April 28, 2022 Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-621 ZDI-CAN-15918 Samsung CVE-2022-1230 3.9 April 12, 2022 (Pwn2Own) Samsung Galaxy S21 loadUrl Open Redirect Privilege Escalation Vulnerability ZDI-22-620 ZDI-CAN-16316 Trend Micro CVE-2022-28339 7.3 April 12, 2022 Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability ZDI-22-619 ZDI-CAN-16587 Tukaani CVE-2022-1271 7.0 April 12, 2022 Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability ZDI-22-618 ZDI-CAN-16379 Bentley CVE-2022-28318 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-617 ZDI-CAN-16573 Bentley CVE-2022-28647 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-616 ZDI-CAN-16570 Bentley CVE-2022-28646 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-615 ZDI-CAN-16581 Bentley CVE-2022-1229 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-614 ZDI-CAN-16446 Bentley CVE-2022-28302 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-613 ZDI-CAN-16390 Bentley CVE-2022-28641 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-612 ZDI-CAN-16392 Bentley CVE-2022-28301 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-611 ZDI-CAN-16469 Bentley CVE-2022-28644 7.8 April 12, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-610 ZDI-CAN-16470 Bentley CVE-2022-28645 3.3 April 12, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-609 ZDI-CAN-16468 Bentley CVE-2022-28643 7.8 April 12, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-608 ZDI-CAN-16424 Bentley CVE-2022-28642 7.8 April 12, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-607 ZDI-CAN-16368 Bentley CVE-2022-28316 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-606 ZDI-CAN-16367 Bentley CVE-2022-28315 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-605 ZDI-CAN-16332 Bentley CVE-2022-28314 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-604 ZDI-CAN-16369 Bentley 7.8 April 12, 2022 Bentley MicroStation CONNECT IFC File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-603 ZDI-CAN-16343 Bentley CVE-2022-28313 3.3 April 12, 2022 Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-602 ZDI-CAN-16342 Bentley CVE-2022-28312 3.3 April 12, 2022 Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-601 ZDI-CAN-16341 Bentley CVE-2022-28311 7.8 April 12, 2022 Bentley MicroStation CONNECT DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-600 ZDI-CAN-16308 Bentley CVE-2022-28309 3.3 April 12, 2022 Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-599 ZDI-CAN-16307 Bentley CVE-2022-28308 3.3 April 12, 2022 Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-598 ZDI-CAN-16306 Bentley CVE-2022-28307 7.8 April 12, 2022 Bentley View DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-597 ZDI-CAN-16282 Bentley CVE-2022-28320 7.8 April 12, 2022 Bentley View 3DM File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-596 ZDI-CAN-16280 Bentley CVE-2022-28303 7.8 April 12, 2022 Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-595 ZDI-CAN-16174 Bentley CVE-2022-28306 7.8 April 12, 2022 Bentley MicroStation CONNECT OBJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-594 ZDI-CAN-16171 Bentley CVE-2022-28304 7.8 April 12, 2022 Bentley MicroStation CONNECT OBJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-593 ZDI-CAN-16172 Bentley CVE-2022-28305 7.8 April 12, 2022 Bentley MicroStation CONNECT OBJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-592 ZDI-CAN-16202 Bentley CVE-2022-28300 7.8 April 12, 2022 Bentley MicroStation CONNECT JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-591 ZDI-CAN-16340 Bentley CVE-2022-28319 7.8 April 12, 2022 Bentley MicroStation CONNECT 3DM File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-590 ZDI-CAN-16339 Bentley CVE-2022-28310 7.8 April 12, 2022 Bentley MicroStation CONNECT SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-589 ZDI-CAN-15176 Rockwell Automation CVE-2022-1118 7.8 April 8, 2022 Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability ZDI-22-588 ZDI-CAN-15175 Rockwell Automation CVE-2022-1118 7.8 April 8, 2022 Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability ZDI-22-587 ZDI-CAN-15174 Rockwell Automation CVE-2022-1118 7.8 April 8, 2022 Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability ZDI-22-586 ZDI-CAN-15173 Rockwell Automation CVE-2022-1118 7.8 April 8, 2022 Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability ZDI-22-585 ZDI-CAN-15179 Rockwell Automation 5.5 April 5, 2022 Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-584 ZDI-CAN-15177 Rockwell Automation 5.5 April 5, 2022 Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-583 ZDI-CAN-15180 Schneider Electric CVE-2022-0221 5.5 April 5, 2022 Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-582 ZDI-CAN-15181 Schneider Electric CVE-2022-0221 5.5 April 5, 2022 Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability ZDI-22-581 ZDI-CAN-14778 Omron CVE-2022-26022 7.8 April 5, 2022 Omron CX-One CX-Position NCI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-580 ZDI-CAN-14776 Omron CVE-2022-26419 7.8 April 5, 2022 Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-579 ZDI-CAN-14775 Omron CVE-2022-26419 7.8 April 5, 2022 Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-578 ZDI-CAN-14753 Omron CVE-2022-26417 7.8 April 5, 2022 Omron CX-One CX-Position NCI File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-577 ZDI-CAN-14677 Omron CVE-2022-25959 7.8 April 5, 2022 Omron CX-One CX-Position NCI File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-576 ZDI-CAN-14676 Omron CVE-2022-26419 7.8 April 5, 2022 Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-575 ZDI-CAN-14674 Omron CVE-2022-26419 7.8 April 5, 2022 Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-574 ZDI-CAN-16015 Autodesk CVE-2022-25796 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Double Free Remote Code Execution Vulnerability ZDI-22-573 ZDI-CAN-16048 Autodesk CVE-2022-25791 7.8 April 5, 2022 Autodesk Navisworks Manage DWF File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-572 ZDI-CAN-16047 Autodesk CVE-2022-25791 7.8 April 5, 2022 Autodesk Navisworks Manage DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-571 ZDI-CAN-16046 Autodesk CVE-2022-25789 7.8 April 5, 2022 Autodesk Navisworks Manage DWFX File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-570 ZDI-CAN-16044 Autodesk CVE-2022-25790 7.8 April 5, 2022 Autodesk Navisworks Manage DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-569 ZDI-CAN-16043 Autodesk CVE-2022-25790 7.8 April 5, 2022 Autodesk Navisworks Manage DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-568 ZDI-CAN-16041 Autodesk CVE-2022-27528 7.8 April 5, 2022 Autodesk Navisworks Manage SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-567 ZDI-CAN-16040 Autodesk CVE-2022-25792 7.8 April 5, 2022 Autodesk Navisworks Manage DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-566 ZDI-CAN-16045 Autodesk CVE-2022-27528 7.8 April 5, 2022 Autodesk Navisworks Manage SKP File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-565 ZDI-CAN-16012 Autodesk CVE-2022-25792 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-564 ZDI-CAN-16016 Autodesk CVE-2022-25791 7.8 April 5, 2022 Autodesk Navisworks Freedom DWFX File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-563 ZDI-CAN-16014 Autodesk CVE-2022-25790 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-562 ZDI-CAN-16009 Autodesk CVE-2022-25790 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-561 ZDI-CAN-16018 Autodesk CVE-2022-25791 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-560 ZDI-CAN-16011 Autodesk CVE-2022-25790 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-559 ZDI-CAN-16013 Autodesk CVE-2022-25790 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-558 ZDI-CAN-16017 Autodesk CVE-2022-25791 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-557 ZDI-CAN-16010 Autodesk CVE-2022-27528 7.8 April 5, 2022 Autodesk Navisworks Freedom DWFX File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-556 ZDI-CAN-15522 Autodesk CVE-2022-25795 7.8 April 5, 2022 Autodesk Navisworks Manage PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-555 ZDI-CAN-15521 Autodesk CVE-2022-25795 7.8 April 5, 2022 Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-554 ZDI-CAN-15686 Autodesk CVE-2022-25792 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-553 ZDI-CAN-15672 Autodesk CVE-2022-25790 7.8 April 5, 2022 Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-552 ZDI-CAN-15466 Autodesk CVE-2022-25795 7.8 April 5, 2022 Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-551 ZDI-CAN-15451 Autodesk CVE-2022-25795 7.8 April 5, 2022 Autodesk Navisworks Manage PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-550 ZDI-CAN-15519 Autodesk CVE-2022-25795 7.8 April 5, 2022 Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-549 ZDI-CAN-15518 Autodesk CVE-2022-25795 7.8 April 5, 2022 Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-548 ZDI-CAN-15517 Autodesk CVE-2022-25795 7.8 April 5, 2022 Autodesk Navisworks Manage PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-547 ZDI-CAN-15917 Samsung 6.1 April 5, 2022 (0Day) (Pwn2Own) Samsung Galaxy S21 Exposed Dangerous Method Local Privilege Escalation Vulnerability ZDI-22-546 ZDI-CAN-14816 Trend Micro CVE-2022-27883 7.8 April 1, 2022 Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability ZDI-22-545 ZDI-CAN-15307 Siemens 3.3 March 29, 2022 (0Day) Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Information Disclosure Vulnerability ZDI-22-544 ZDI-CAN-15806 NETGEAR CVE-2022-27641 8.8 March 29, 2022 (Pwn2Own) Netgear R6700v3 NetUSB Integer Overflow Remote Code Execution Vulnerability ZDI-22-543 ZDI-CAN-14868 KOYO CVE-2022-27648 7.8 March 29, 2022 KOYO Screen Creator SCA2 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-542 ZDI-CAN-15114 Siemens 7.8 March 28, 2022 March 29, 2022 (0Day) Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-541 ZDI-CAN-14468 Array Networks 7.8 April 4, 2022 April 4, 2022 (0Day) Array Networks MotionPro Buffer Overflow Remote Code Execution Vulnerability ZDI-22-540 ZDI-CAN-16128 Adobe CVE-2021-44705 3.3 March 25, 2022 Adobe Acrobat Reader DC JP2 File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-539 ZDI-CAN-16127 Adobe CVE-2021-44707 7.8 March 25, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-538 ZDI-CAN-14615 Epic Games 6.1 March 24, 2022 March 29, 2022 (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability ZDI-22-537 ZDI-CAN-14604 Epic Games 6.1 March 24, 2022 March 29, 2022 (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability ZDI-22-536 ZDI-CAN-14470 Electronic Arts 7.8 March 24, 2022 March 29, 2022 (0Day) Electronic Arts Origin Web Helper Service Link Following Privilege Escalation Vulnerability ZDI-22-535 ZDI-CAN-15832 HP CVE-2022-24292 4.3 March 23, 2022 (Pwn2Own) HP LaserJet Pro MFP M283fdw CFF Font Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-534 ZDI-CAN-15897 HP CVE-2022-24291 6.5 March 23, 2022 (Pwn2Own) HP LaserJet Pro MFP M283fdw ScanJobs Memory Corruption Denial-of-Service Vulnerability ZDI-22-533 ZDI-CAN-15896 HP CVE-2022-24293 8.0 March 23, 2022 (Pwn2Own) HP LaserJet Pro MFP M283fdw eContactRestore Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-532 ZDI-CAN-15831 HP CVE-2022-3942 8.8 March 23, 2022 (Pwn2Own) HP LaserJet Pro MFP M283fdw LLMNR Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-531 ZDI-CAN-15696 Siemens CVE-2021-45465 7.8 March 23, 2022 Siemens syngo fastView BMP File Parsing Write-what-where Condition Remote Code Execution Vulnerability ZDI-22-530 ZDI-CAN-15876 Netatalk CVE-2022-0194 9.8 March 23, 2022 (Pwn2Own) Netatalk ad_addcomment Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-529 ZDI-CAN-15837 Netatalk CVE-2022-23122 9.8 March 23, 2022 (Pwn2Own) Netatalk setfilparams Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-528 ZDI-CAN-15830 Netatalk CVE-2022-23123 5.3 March 23, 2022 (Pwn2Own) Netatalk getdirparams Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-527 ZDI-CAN-15819 Netatalk CVE-2022-23121 9.8 March 23, 2022 (Pwn2Own) Netatalk parse_entries Improper Handling of Exceptional Conditions Remote Code Execution Vulnerability ZDI-22-526 ZDI-CAN-15869 Netatalk CVE-2022-23125 9.8 March 23, 2022 (Pwn2Own) Netatalk copyapplfile Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-525 ZDI-CAN-15870 Netatalk CVE-2022-23124 5.3 March 23, 2022 (Pwn2Own) Netatalk get_finderinfo Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-524 ZDI-CAN-15874 NETGEAR CVE-2022-27647 8.0 March 23, 2022 (Pwn2Own) NETGEAR R6700v3 libreadycloud.so Command Injection Remote Code Execution Vulnerability ZDI-22-523 ZDI-CAN-15879 NETGEAR CVE-2022-27646 8.0 March 23, 2022 (Pwn2Own) NETGEAR R6700v3 circled Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-522 ZDI-CAN-15762 NETGEAR CVE-2022-27645 8.8 March 23, 2022 (Pwn2Own) NETGEAR R6700v3 readycloud_control.cgi Authentication Bypass Vulnerability ZDI-22-521 ZDI-CAN-15782 NETGEAR 3.1 March 23, 2022 (Pwn2Own) NETGEAR R6700v3 Missing Authentication for Critical Function Arbitrary File Upload Vulnerability ZDI-22-520 ZDI-CAN-15797 NETGEAR CVE-2022-27644 5.0 March 23, 2022 (Pwn2Own) NETGEAR R6700v3 Improper Certificate Validation Vulnerability ZDI-22-519 ZDI-CAN-15692 NETGEAR CVE-2022-27643 8.8 March 23, 2022 (Pwn2Own) NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability ZDI-22-518 ZDI-CAN-15854 NETGEAR CVE-2022-27642 6.3 March 23, 2022 (Pwn2Own) NETGEAR R6700v3 httpd Authentication Bypass Vulnerability ZDI-22-517 ZDI-CAN-15747 Apple CVE-2022-22629 8.8 March 22, 2022 Apple Safari WebGLMultiDraw Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-516 ZDI-CAN-15834 Canon CVE-2022-24674 8.8 March 18, 2022 (Pwn2Own) Canon imageCLASS MF644Cdw privet Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-515 ZDI-CAN-15845 Canon CVE-2022-24673 8.8 March 18, 2022 (Pwn2Own) Canon imageCLASS MF644Cdw SLP Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-514 ZDI-CAN-15802 Canon CVE-2022-24672 8.8 March 18, 2022 (Pwn2Own) Canon imageCLASS MF644Cdw CADM Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-513 ZDI-CAN-16130 Adobe CVE-2022-24092 7.8 March 18, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-512 ZDI-CAN-16129 Adobe CVE-2022-24091 7.8 March 18, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-511 ZDI-CAN-15048 Siemens CVE-2021-46162 7.8 March 18, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-510 ZDI-CAN-15943 Apple CVE-2022-22584 3.3 March 16, 2022 Apple macOS ColorSync ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-509 ZDI-CAN-15061 Siemens CVE-2021-46699 7.8 March 16, 2022 Siemens Simcenter Femap BDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-508 ZDI-CAN-15192 Cisco CVE-2015-3269 7.5 March 11, 2022 Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability ZDI-22-507 ZDI-CAN-14806 Cisco CVE-2017-5641 7.8 March 11, 2022 Cisco Nexus Dashboard Fabric Controller Improper Privilege Management Privilege Escalation Vulnerability ZDI-22-506 ZDI-CAN-14805 Cisco CVE-2017-5641 7.3 March 11, 2022 Cisco Nexus Dashboard Fabric Controller AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-505 ZDI-CAN-15564 Autodesk CVE-2021-27039 7.8 March 11, 2022 Autodesk AutoCAD PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-504 ZDI-CAN-15662 Autodesk CVE-2022-25788 7.8 March 11, 2022 Autodesk AutoCAD JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-503 ZDI-CAN-16517 MyBB CVE-2022-24734 7.2 March 11, 2022 MyBB Admin Control Panel Code Injection Remote Code Execution Vulnerability ZDI-22-502 ZDI-CAN-16716 Mozilla CVE-2022-26381 8.8 March 9, 2022 Mozilla Firefox textPath Element Use-After-Free Remote Code Execution Vulnerability ZDI-22-501 ZDI-CAN-15764 Microsoft CVE-2022-24509 7.8 March 9, 2022 Microsoft Office Visio EMF EMR_COMMENT_EMFPLUS Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-500 ZDI-CAN-15730 Microsoft CVE-2022-24461 7.8 March 9, 2022 Microsoft Office Visio EMF EMR_COMMENT_EMFPLUS Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-499 ZDI-CAN-7819 Microsoft CVE-2022-24455 7.8 March 9, 2022 Microsoft Windows CD-ROM Driver Uninitialized Pointer Privilege Escalation Vulnerability ZDI-22-498 ZDI-CAN-7818 Microsoft CVE-2022-24455 7.8 March 9, 2022 Microsoft Windows CD-ROM Driver Uninitialized Pointer Privilege Escalation Vulnerability ZDI-22-497 ZDI-CAN-15986 Microsoft CVE-2022-23281 4.2 March 9, 2022 Microsoft Windows CLFS Integer Overflow Information Disclosure Vulnerability ZDI-22-496 ZDI-CAN-16123 Microsoft CVE-2022-23266 8.8 March 9, 2022 Microsoft Azure Defender for IoT Password Change Command Injection Privilege Escalation Vulnerability ZDI-22-495 ZDI-CAN-15761 Microsoft CVE-2022-23265 4.2 March 9, 2022 Microsoft Azure Defender for IoT Password Change Command Injection Local Privilege Escalation Vulnerability ZDI-22-494 ZDI-CAN-15754 Microsoft CVE-2022-24510 7.8 March 9, 2022 Microsoft Office Visio EMF EMR_COMMENT_EMFPLUS Type Confusion Remote Code Execution Vulnerability ZDI-22-493 ZDI-CAN-16030 Microsoft CVE-2022-23299 8.8 March 9, 2022 Microsoft Windows win32kfull PDEV Use-After-Free Local Privilege Escalation Vulnerability ZDI-22-492 ZDI-CAN-14446 Ecava 3.3 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ZDI-22-491 ZDI-CAN-14445 Ecava 7.8 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Write Remote Code Execution Vulnerability ZDI-22-490 ZDI-CAN-14444 Ecava 7.8 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape WMF File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-489 ZDI-CAN-14384 Ecava 3.3 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability ZDI-22-488 ZDI-CAN-14383 Ecava 3.3 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape EMF File Parsing Uninitialized Pointer Information Disclosure Vulnerability ZDI-22-487 ZDI-CAN-14382 Ecava 3.3 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ZDI-22-486 ZDI-CAN-14381 Ecava 3.3 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ZDI-22-485 ZDI-CAN-14275 Ecava 3.3 March 9, 2022 March 29, 2022 (0Day) Ecava IntegraXor Inkscape PCX File Parsing Out-Of-Bound Read Information Disclosure Vulnerability ZDI-22-484 ZDI-CAN-15206 Bitdefender CVE-2021-4199 7.8 March 9, 2022 Bitdefender Total Security Link Following Local Privilege Escalation Vulnerability ZDI-22-483 ZDI-CAN-15197 Bitdefender CVE-2021-4198 6.1 March 9, 2022 Bitdefender Total Security Link Following Denial-of-Service Vulnerability ZDI-22-482 ZDI-CAN-15560 Autodesk CVE-2021-27036 7.8 March 7, 2022 July 14, 2022 Autodesk AutoCAD TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-481 ZDI-CAN-15561 Autodesk CVE-2021-27035 3.3 March 7, 2022 Autodesk AutoCAD TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-480 ZDI-CAN-15562 Autodesk CVE-2021-27035 7.8 March 7, 2022 Autodesk AutoCAD PCX File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-479 ZDI-CAN-15563 Autodesk CVE-2021-27036 7.8 March 7, 2022 July 14, 2022 Autodesk AutoCAD PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-478 ZDI-CAN-15565 Autodesk CVE-2021-27041 7.8 March 7, 2022 Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-477 ZDI-CAN-15566 Autodesk CVE-2022-25789 7.8 March 7, 2022 Autodesk AutoCAD DWFX File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-476 ZDI-CAN-15567 Autodesk CVE-2022-25792 7.8 March 7, 2022 Autodesk AutoCAD DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-475 ZDI-CAN-15568 Autodesk CVE-2022-25790 7.8 March 7, 2022 Autodesk AutoCAD DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-474 ZDI-CAN-15569 Autodesk CVE-2021-40160 7.8 March 7, 2022 July 14, 2022 Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-473 ZDI-CAN-15570 Autodesk CVE-2021-27040 7.8 March 7, 2022 Autodesk AutoCAD PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-472 ZDI-CAN-15576 Autodesk CVE-2022-25795 7.8 March 7, 2022 Autodesk AutoCAD PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-471 ZDI-CAN-15577 Autodesk CVE-2022-25789 7.8 March 7, 2022 Autodesk AutoCAD 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-470 ZDI-CAN-15578 Autodesk CVE-2021-27043 7.8 March 7, 2022 Autodesk AutoCAD PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-469 ZDI-CAN-15579 Autodesk CVE-2022-25795 7.8 March 7, 2022 Autodesk AutoCAD PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-468 ZDI-CAN-15614 Autodesk CVE-2022-25795 7.8 March 7, 2022 Autodesk AutoCAD PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-467 ZDI-CAN-15615 Autodesk CVE-2022-25795 7.8 March 7, 2022 Autodesk AutoCAD PDF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ZDI-22-466 ZDI-CAN-15616 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-465 ZDI-CAN-15552 Autodesk CVE-2022-25789 7.8 March 7, 2022 Autodesk AutoCAD DWF File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-464 ZDI-CAN-15553 Autodesk CVE-2022-25791 7.8 March 7, 2022 Autodesk AutoCAD DWF File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-463 ZDI-CAN-15554 Autodesk CVE-2022-25790 7.8 March 7, 2022 Autodesk AutoCAD DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-462 ZDI-CAN-15555 Autodesk CVE-2021-27036 3.3 March 7, 2022 Autodesk AutoCAD PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-461 ZDI-CAN-15556 Autodesk CVE-2022-25789 7.8 March 7, 2022 Autodesk AutoCAD PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-460 ZDI-CAN-15557 Autodesk CVE-2022-25792 7.8 March 7, 2022 Autodesk AutoCAD PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-459 ZDI-CAN-15558 Autodesk CVE-2021-27037 7.8 March 7, 2022 Autodesk AutoCAD TIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-458 ZDI-CAN-15559 Autodesk CVE-2021-27036 7.8 March 7, 2022 Autodesk AutoCAD PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-457 ZDI-CAN-15273 Autodesk CVE-2021-27036 7.8 March 7, 2022 Autodesk AutoCAD BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-456 ZDI-CAN-15298 Autodesk CVE-2021-27036 7.8 March 7, 2022 Autodesk AutoCAD PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-455 ZDI-CAN-15618 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-454 ZDI-CAN-15619 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-453 ZDI-CAN-15620 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-452 ZDI-CAN-15617 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-451 ZDI-CAN-15622 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-450 ZDI-CAN-15621 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-449 ZDI-CAN-15623 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-448 ZDI-CAN-15657 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-447 ZDI-CAN-15656 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-446 ZDI-CAN-15625 Autodesk CVE-2021-27042 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-445 ZDI-CAN-15661 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-444 ZDI-CAN-15659 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-443 ZDI-CAN-15660 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-442 ZDI-CAN-15658 Autodesk CVE-2022-25788 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-441 ZDI-CAN-15624 Autodesk CVE-2021-40158 7.8 March 7, 2022 Autodesk AutoCAD JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-440 ZDI-CAN-14854 Fatek Automation CVE-2022-23985 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-439 ZDI-CAN-14858 Fatek Automation CVE-2022-21209 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-438 ZDI-CAN-14855 Fatek Automation CVE-2022-23985 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-437 ZDI-CAN-14852 Fatek Automation CVE-2022-23985 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-436 ZDI-CAN-14853 Fatek Automation CVE-2022-21209 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-435 ZDI-CAN-14591 Fatek Automation CVE-2022-21209 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-434 ZDI-CAN-14802 Fatek Automation CVE-2022-23985 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-433 ZDI-CAN-14800 Fatek Automation CVE-2022-23985 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-432 ZDI-CAN-14797 Fatek Automation CVE-2022-23985 7.8 March 7, 2022 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-431 ZDI-CAN-14233 Kaspersky CVE-2021-35053 6.1 March 3, 2022 March 4, 2022 Kaspersky Total Security Link Following Denial-of-Service Vulnerability ZDI-22-430 ZDI-CAN-15141 Adobe CVE-2021-42734 3.3 March 2, 2022 Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-429 ZDI-CAN-15246 Adobe CVE-2021-39865 3.3 March 2, 2022 Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-428 ZDI-CAN-14533 Microsoft 5.3 March 1, 2022 (0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability ZDI-22-427 ZDI-CAN-14534 Microsoft 5.3 March 1, 2022 (0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability ZDI-22-426 ZDI-CAN-14528 Microsoft 6.1 March 1, 2022 (0Day) Microsoft .NET Link Following Denial-of-Service Vulnerability ZDI-22-425 ZDI-CAN-14586 Microsoft 5.3 March 1, 2022 (0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability ZDI-22-424 ZDI-CAN-15581 Delta Industrial Automation 7.5 March 1, 2022 March 30, 2022 (0Day) Delta Industrial Automation DIAEnergie AM_Handler SQL Injection Information Disclosure Vulnerability ZDI-22-423 ZDI-CAN-15580 Delta Industrial Automation 9.8 March 1, 2022 March 30, 2022 (0Day) Delta Industrial Automation DIAEnergie HandlerPage_KID Arbitrary File Upload Remote Code Execution Vulnerability ZDI-22-422 ZDI-CAN-15202 Delta Industrial Automation CVE-2022-1404 7.8 March 1, 2022 May 10, 2022 (0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-421 ZDI-CAN-15201 Delta Industrial Automation CVE-2022-1404 3.3 March 1, 2022 May 10, 2022 (0Day) Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-420 ZDI-CAN-15946 Cisco CVE-2022-20702 7.0 Feb. 22, 2022 (Pwn2Own) Cisco RV340 utility-ping-request Insecure Temporary File Local Privilege Escalation Vulnerability ZDI-22-419 ZDI-CAN-15940 Cisco CVE-2022-20707 7.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 JSON RPC file-copy Command Injection Local Privilege Escalation Vulnerability ZDI-22-418 ZDI-CAN-15774 Cisco CVE-2022-20706 9.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 Plug and Play Command Injection Remote Code Execution Vulnerability ZDI-22-417 ZDI-CAN-15893 Cisco CVE-2022-20708 6.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 update-clients Command Injection Remote Code Execution Vulnerability ZDI-22-416 ZDI-CAN-15892 Cisco CVE-2022-20709, CVE-2022-20711 6.3 Feb. 22, 2022 (Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability ZDI-22-415 ZDI-CAN-15848 Cisco CVE-2022-20705 6.5 Feb. 22, 2022 (Pwn2Own) Cisco RV340 NGINX Improper Authentication Unrestricted File Upload Vulnerability ZDI-22-414 ZDI-CAN-15784 Cisco CVE-2022-20699 9.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 SSLVPN Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-413 ZDI-CAN-15810 Cisco CVE-2022-20703, CVE-2022-20704 7.1 Feb. 22, 2022 (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability ZDI-22-412 ZDI-CAN-15886 Cisco CVE-2022-20701 7.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 confd_cli Unnecessary Privileges Local Privilege Escalation Vulnerability ZDI-22-411 ZDI-CAN-15883 Cisco CVE-2022-20707 4.3 Feb. 22, 2022 (Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability ZDI-22-410 ZDI-CAN-15882 Cisco CVE-2022-20705 8.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 upload.cgi sessionid Improper Input Validation Authentication Bypass Vulnerability ZDI-22-409 ZDI-CAN-15610 Cisco CVE-2022-20705, CVE-2022-20707 8.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 NGINX sessionid Directory Traversal Authentication Bypass Vulnerability ZDI-22-408 ZDI-CAN-15611 Cisco CVE-2022-20703 8.8 Feb. 22, 2022 (Pwn2Own) Cisco RV340 Firmware Update Missing Integrity Check Remote Code Execution Vulnerability ZDI-22-407 ZDI-CAN-13993 TP-Link CVE-2022-0650 6.8 Feb. 22, 2022 TP-Link TL-WR940N httpd newBridgessid Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-406 ZDI-CAN-13992 TP-Link CVE-2022-24973 6.8 Feb. 22, 2022 TP-Link TL-WR940N httpd ssid1 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-405 ZDI-CAN-13911 TP-Link CVE-2022-24972 6.5 Feb. 22, 2022 TP-Link TL-WR940N httpd Improper Access Control Information Disclosure Vulnerability ZDI-22-404 ZDI-CAN-14724 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-403 ZDI-CAN-14723 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing XY Tag WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-402 ZDI-CAN-14721 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-401 ZDI-CAN-14713 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-400 ZDI-CAN-14711 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-399 ZDI-CAN-14710 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Extra Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-398 ZDI-CAN-14709 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Alarm Tag bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-397 ZDI-CAN-14707 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Extra Tag bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-396 ZDI-CAN-14706 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-395 ZDI-CAN-14705 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-394 ZDI-CAN-14704 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-393 ZDI-CAN-14703 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP FIle Parsing Disc Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-392 ZDI-CAN-14702 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-391 ZDI-CAN-14701 WECON 7.8 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Disc Tag WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-390 ZDI-CAN-14700 WECON 7.8 Feb. 22, 2022 Feb. 22, 2022 (0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr4 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-389 ZDI-CAN-13990 Fuji Electric CVE-2022-21228 7.8 Feb. 22, 2022 March 23, 2022 (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-388 ZDI-CAN-13938 Fuji Electric CVE-2022-21202 3.3 March 23, 2022 March 23, 2022 (0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-387 ZDI-CAN-13876 Fuji Electric CVE-2022-21168 3.3 Feb. 22, 2022 March 23, 2022 (0Day) Fuji Electric Alpha5 C5V File Parsing Uninitialized Pointer Information Disclosure Vulnerability ZDI-22-386 ZDI-CAN-14969 Parallels CVE-2021-34987 8.2 Feb. 18, 2022 Parallels Desktop HDAudio Buffer Overflow Local Privilege Escalation Vulnerability ZDI-22-385 ZDI-CAN-13932 Parallels CVE-2021-34986 7.8 Feb. 18, 2022 Parallels Desktop Service Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability ZDI-22-384 ZDI-CAN-15731 Microsoft CVE-2022-21988 7.0 Feb. 18, 2022 Microsoft Office Visio EMF EMR_DELETEOBJECT Use-After-Free Remote Code Execution Vulnerability ZDI-22-383 ZDI-CAN-15585 Microsoft CVE-2022-22716 2.5 Feb. 18, 2022 Microsoft Office Excel XLS File Parsing Untrusted Pointer Dereference Information Disclosure Vulnerability ZDI-22-382 ZDI-CAN-15982 Lexmark CVE-2021-44738 8.8 Feb. 18, 2022 Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-381 ZDI-CAN-14886 Microsoft 6.5 Feb. 18, 2022 Microsoft Outlook for Mac Hyperlink UI Misrepresentation Vulnerability ZDI-22-380 ZDI-CAN-15916 Samsung 4.6 Feb. 18, 2022 (Pwn2Own) Samsung Galaxy S21 Improper Error Handling Remote Code Execution Vulnerability ZDI-22-379 ZDI-CAN-15871 Samsung 8.8 Feb. 18, 2022 (Pwn2Own) Samsung Galaxy S21 Open Redirect Remote Code Execution Vulnerability ZDI-22-378 ZDI-CAN-14059 ICONICS CVE-2021-27040 3.3 Feb. 18, 2022 ICONICS GENESIS64 DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-377 ZDI-CAN-13835 Apple CVE-2021-30771 7.8 Feb. 16, 2022 Apple macOS libFontParser TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-376 ZDI-CAN-15254 Adobe CVE-2022-23200 7.8 Feb. 16, 2022 Adobe After Effects 3GP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-375 ZDI-CAN-13664 SolarWinds CVE-2021-35244 8.8 Feb. 16, 2022 SolarWinds Orion Platform Unrestricted File Upload Remote Code Execution Vulnerability ZDI-22-374 ZDI-CAN-14204 Omron CVE-2022-21137 7.8 Feb. 16, 2022 Omron CX-One FLN File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-373 ZDI-CAN-14038 Omron CVE-2022-21137 7.8 Feb. 16, 2022 Omron CX-One SDD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-372 ZDI-CAN-15047 Trend Micro CVE-2022-24678 5.3 Feb. 16, 2022 Trend Micro Apex One Security Agent Resource Exhaustion Denial-of-Service Vulnerability ZDI-22-371 ZDI-CAN-14998 Trend Micro CVE-2022-24671 7.8 Feb. 16, 2022 Trend Micro Antivirus for Mac Link Following Privilege Escalation Vulnerability ZDI-22-370 ZDI-CAN-14926 Trend Micro CVE-2022-24679 7.8 Feb. 16, 2022 Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability ZDI-22-369 ZDI-CAN-14815 Trend Micro CVE-2022-24680 7.8 Feb. 16, 2022 Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability ZDI-22-368 ZDI-CAN-16192 MariaDB CVE-2022-24048 7.0 Feb. 16, 2022 MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability ZDI-22-367 ZDI-CAN-16190 MariaDB CVE-2022-24052 7.0 Feb. 16, 2022 MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability ZDI-22-366 ZDI-CAN-16209 MariaDB CVE-2022-24052 7.0 Feb. 16, 2022 MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability ZDI-22-365 ZDI-CAN-16208 MariaDB CVE-2022-24051 7.0 Feb. 16, 2022 MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability ZDI-22-364 ZDI-CAN-16207 MariaDB CVE-2022-24050 7.0 Feb. 16, 2022 MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability ZDI-22-363 ZDI-CAN-16191 MariaDB CVE-2022-24048 7.0 Feb. 16, 2022 MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability ZDI-22-362 ZDI-CAN-14621 Linux CVE-2022-1043 8.8 Feb. 16, 2022 July 21, 2022 Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability ZDI-22-361 ZDI-CAN-15639 Apple CVE-2022-22579 3.3 Feb. 16, 2022 Apple macOS ModelIO STL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-360 ZDI-CAN-15320 Apple CVE-2021-30995 7.8 Feb. 16, 2022 Apple macOS fclonefileat Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability ZDI-22-359 ZDI-CAN-15199 Apple CVE-2021-30939 3.3 Feb. 16, 2022 Apple macOS ImageIO DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-358 ZDI-CAN-15171 Apple CVE-2021-30979 7.8 Feb. 16, 2022 Apple macOS ModelIO ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-357 ZDI-CAN-14385 Apple CVE-2021-30919 7.8 Feb. 16, 2022 Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-356 ZDI-CAN-14515 Apple CVE-2021-30928 3.3 Feb. 16, 2022 Apple macOS CoreGraphics PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-355 ZDI-CAN-14040 Apple CVE-2021-30832 7.8 Feb. 16, 2022 Apple macOS CVMServer Use-After-Free Privilege Escalation Vulnerability ZDI-22-354 ZDI-CAN-13804 Apple CVE-2021-30825 3.3 Feb. 16, 2022 Apple macOS CoreML MLMODEL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-353 ZDI-CAN-13806 Apple CVE-2021-30785 7.8 Feb. 16, 2022 Apple macOS ImageIO PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-352 ZDI-CAN-16027 Microsoft CVE-2022-22005 8.8 Feb. 15, 2022 Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-351 ZDI-CAN-16187 Foxit CVE-2022-24908 7.8 Feb. 15, 2022 Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-350 ZDI-CAN-16186 Foxit CVE-2022-24907 7.8 Feb. 15, 2022 Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-349 ZDI-CAN-15859 Western Digital CVE-2022-22994 8.8 Feb. 15, 2022 (Pwn2Own) Western Digital My Cloud Pro Series PR4100 ConnectivityService Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability ZDI-22-348 ZDI-CAN-15889 Western Digital CVE-2022-22993 8.0 Feb. 15, 2022 (Pwn2Own) Western Digital MyCloud PR4100 cgi_api Server-Side Request Forgery Privilege Escalation Vulnerability ZDI-22-347 ZDI-CAN-15888 Western Digital CVE-2022-22990 6.3 Feb. 15, 2022 (Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability ZDI-22-346 ZDI-CAN-15804 Western Digital 8.8 Feb. 15, 2022 (Pwn2Own) Western Digital MyCloud PR4100 samba Configuration Remote Code Execution Vulnerability ZDI-22-345 ZDI-CAN-14408 WECON 7.8 Feb. 15, 2022 Feb. 17, 2022 (0Day) WECON LeviStudioU UMP File Parsing XY Tag WordAddr10 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-344 ZDI-CAN-14410 WECON 7.8 Feb. 15, 2022 Feb. 17, 2022 (0Day) WECON LeviStudioU UMP File Parsing Trend Tag WordAddr8 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-343 ZDI-CAN-15245 Adobe CVE-2022-23200 3.3 Feb. 15, 2022 Adobe FrameMaker PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-342 ZDI-CAN-15277 Adobe CVE-2022-23204 3.3 Feb. 15, 2022 Adobe Premiere Rush JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-341 ZDI-CAN-14619 DevExpress CVE-2021-36483 8.8 Feb. 15, 2022 March 10, 2022 DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI-22-340 ZDI-CAN-15112 Siemens CVE-2021-44018 7.8 Feb. 15, 2022 Siemens JT2Go PAR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-339 ZDI-CAN-15113 Siemens CVE-2021-38405 3.3 Feb. 15, 2022 Siemens JT2Go PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-338 ZDI-CAN-15110 Siemens CVE-2021-44016 7.8 Feb. 15, 2022 Siemens JT2Go PAR File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-337 ZDI-CAN-15108 Siemens CVE-2021-38405 3.3 Feb. 15, 2022 Siemens JT2Go PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-336 ZDI-CAN-15106 Siemens CVE-2021-38405 7.8 Feb. 15, 2022 Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-335 ZDI-CAN-15053 Siemens CVE-2021-44000 7.8 Feb. 15, 2022 Siemens JT2Go PAR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-334 ZDI-CAN-15107 Siemens CVE-2021-43336 7.8 Feb. 15, 2022 Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-333 ZDI-CAN-15820 Lexmark CVE-2021-44737 8.8 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i PJL Exposed Dangerous Function Remote Code Execution Vulnerability ZDI-22-332 ZDI-CAN-15844 Lexmark CVE-2021-44734 8.8 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i Web Configuration File Code Injection Remote Code Execution Vulnerability ZDI-22-331 ZDI-CAN-15800 Lexmark CVE-2021-44736 9.6 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i Unprotected API Remote Code Execution Vulnerability ZDI-22-330 ZDI-CAN-15894 Lexmark CVE-2021-44735 5.5 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i Command Injection Remote Code Execution Vulnerability ZDI-22-329 ZDI-CAN-15895 Lexmark CVE-2021-44735 7.8 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability ZDI-22-328 ZDI-CAN-15924 Lexmark CVE-2021-44738 8.8 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i PostScript Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-327 ZDI-CAN-15925 Lexmark CVE-2021-44738 7.1 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i pagemaker Insufficient Session Expiration Local Privilege Escalation Vulnerability ZDI-22-326 ZDI-CAN-15927 Lexmark CVE-2021-44735 7.8 Feb. 15, 2022 (Pwn2Own) Lexmark MC3224i setuid Local Privilege Escalation Vulnerability ZDI-22-325 ZDI-CAN-15198 Schneider Electric CVE-2022-24313 9.8 Feb. 11, 2022 Feb. 16, 2022 Schneider Electric IGSS IGSSDataServer Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-324 ZDI-CAN-15193 Schneider Electric CVE-2022-24317 5.3 Feb. 11, 2022 Feb. 16, 2022 Schneider Electric IGSS Missing Authentication Information Disclosure Vulnerability ZDI-22-323 ZDI-CAN-15119 Schneider Electric CVE-2022-24316 5.3 Feb. 11, 2022 Feb. 16, 2022 Schneider Electric IGSS IGSSdataServer Uninitialized Memory Information Disclosure Vulnerability ZDI-22-322 ZDI-CAN-15118 Schneider Electric CVE-2022-24315 7.5 Feb. 11, 2022 Feb. 16, 2022 Schneider Electric IGSS Out-Of-Bounds Read Denial-of-Service Vulnerability ZDI-22-321 ZDI-CAN-14943 Schneider Electric CVE-2022-24312 9.8 Feb. 11, 2022 Feb. 16, 2022 Schneider Electric IGSS IGSSdataServer Directory Traversal Remote Code Execution Vulnerability ZDI-22-320 ZDI-CAN-14942 Schneider Electric CVE-2022-24311 9.8 Feb. 11, 2022 Feb. 16, 2022 Schneider Electric IGSS IGSSdataServer Directory Traversal Remote Code Execution Vulnerability ZDI-22-319 ZDI-CAN-15812 Foxit CVE-2022-24971 7.8 Feb. 11, 2022 Foxit PDF Reader JPEG2000 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-318 ZDI-CAN-16193 MariaDB CVE-2022-24051 7.0 Feb. 11, 2022 MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability ZDI-22-317 ZDI-CAN-15296 Microsoft CVE-2022-22002 6.1 Feb. 11, 2022 Microsoft Windows User Profile Picture Link Following Denial-of-Service Vulnerability ZDI-22-316 ZDI-CAN-15302 Siemens CVE-2021-46161 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-315 ZDI-CAN-15286 Siemens CVE-2021-46160 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-314 ZDI-CAN-15050 Siemens CVE-2021-46159 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-313 ZDI-CAN-15602 Siemens CVE-2021-46158 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-312 ZDI-CAN-15289 Siemens CVE-2021-46158 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-311 ZDI-CAN-15085 Siemens CVE-2021-46158 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-310 ZDI-CAN-14757 Siemens CVE-2021-46157 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-309 ZDI-CAN-14684 Siemens CVE-2021-46156 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-308 ZDI-CAN-15593 Siemens CVE-2021-46155 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-307 ZDI-CAN-15303 Siemens CVE-2021-46155 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-306 ZDI-CAN-15283 Siemens CVE-2021-46155 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-305 ZDI-CAN-14683 Siemens CVE-2021-46155 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-304 ZDI-CAN-15304 Siemens CVE-2021-46154 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-303 ZDI-CAN-15084 Siemens CVE-2021-46154 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-302 ZDI-CAN-14679 Siemens CVE-2021-46154 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-301 ZDI-CAN-14646 Siemens CVE-2021-46154 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-300 ZDI-CAN-15599 Siemens CVE-2021-46153 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-299 ZDI-CAN-15589 Siemens CVE-2021-46153 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-298 ZDI-CAN-15305 Siemens CVE-2021-46153 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-297 ZDI-CAN-14645 Siemens CVE-2021-46153 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-296 ZDI-CAN-15183 Siemens CVE-2021-46152 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-295 ZDI-CAN-14755 Siemens CVE-2021-46152 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ZDI-22-294 ZDI-CAN-14644 Siemens CVE-2021-46152 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability ZDI-22-293 ZDI-CAN-14643 Siemens CVE-2021-46152 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Type Confusion Remote Code Execution Vulnerability ZDI-22-292 ZDI-CAN-14754 Siemens CVE-2021-46151 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-291 ZDI-CAN-15082 Siemens CVE-2021-46151 7.8 Feb. 11, 2022 Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-290 ZDI-CAN-14618 BMC CVE-2022-24047 5.3 Feb. 10, 2022 Feb. 11, 2022 BMC Track-It! HTTP Module Improper Access Control Authentication Bypass Vulnerability ZDI-22-289 ZDI-CAN-15668 Autodesk CVE-2021-40159 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-288 ZDI-CAN-15667 Autodesk CVE-2021-40158 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-287 ZDI-CAN-15666 Autodesk CVE-2021-40158 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-286 ZDI-CAN-15665 Autodesk CVE-2021-40158 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-285 ZDI-CAN-15664 Autodesk CVE-2021-40158 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-284 ZDI-CAN-15670 Autodesk CVE-2021-40158 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-283 ZDI-CAN-15669 Autodesk CVE-2021-40158 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-282 ZDI-CAN-15671 Autodesk CVE-2021-40159 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-281 ZDI-CAN-15675 Autodesk CVE-2021-40158 7.8 Feb. 10, 2022 Autodesk Inventor JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-280 ZDI-CAN-16087 Foxit CVE-2022-24369 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-279 ZDI-CAN-16115 Foxit CVE-2022-24368 3.3 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader Doc Use-After-Free Information Disclosure Vulnerability ZDI-22-278 ZDI-CAN-15877 Foxit CVE-2022-24367 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-277 ZDI-CAN-15853 Foxit CVE-2022-24366 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-276 ZDI-CAN-15852 Foxit CVE-2022-24365 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-275 ZDI-CAN-15851 Foxit CVE-2022-24364 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-274 ZDI-CAN-15861 Foxit CVE-2022-24363 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-273 ZDI-CAN-15987 Foxit CVE-2022-24362 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-272 ZDI-CAN-15811 Foxit CVE-2022-24361 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader JPG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-271 ZDI-CAN-15744 Foxit CVE-2022-24360 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-270 ZDI-CAN-15702 Foxit CVE-2022-24359 7.8 Feb. 10, 2022 Feb. 18, 2022 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability ZDI-22-269 ZDI-CAN-15703 Foxit CVE-2022-24358 7.8 Feb. 10, 2022 Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-268 ZDI-CAN-15743 Foxit CVE-2022-24357 7.8 Feb. 10, 2022 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability ZDI-22-267 ZDI-CAN-14848 Foxit CVE-2022-24356 7.8 Feb. 10, 2022 Foxit PDF Reader OnMouseExit Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-266 ZDI-CAN-14819 Foxit CVE-2022-24370 3.3 Feb. 10, 2022 Foxit PDF Reader XFA Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-265 ZDI-CAN-13910 TP-Link CVE-2022-24355 8.8 Feb. 10, 2022 TP-Link TL-WR940N httpd httpRpmFs Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-264 ZDI-CAN-15835 TP-Link CVE-2022-24354 8.8 Feb. 10, 2022 TP-Link AC1750 NetUSB Integer Overflow Remote Code Execution Vulnerability ZDI-22-263 ZDI-CAN-15769 TP-Link CVE-2022-24353 8.8 Feb. 10, 2022 (Pwn2Own) TP-Link AC1750 NetUSB Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-262 ZDI-CAN-15773 TP-Link CVE-2022-24352 8.8 Feb. 10, 2022 (Pwn2Own) TP-Link AC1750 NetUSB Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-261 ZDI-CAN-15798 Sonos CVE-2022-24049 9.8 Feb. 10, 2022 Feb. 14, 2022 (Pwn2Own) Sonos One Speaker ALAC Frame Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-260 ZDI-CAN-15828 Sonos CVE-2022-24046 9.8 Feb. 10, 2022 Feb. 14, 2022 (Pwn2Own) Sonos One Speaker Integer Underflow Remote Code Execution Vulnerability ZDI-22-259 ZDI-CAN-12966 Advantech CVE-2021-38389 9.8 Feb. 2, 2022 Advantech WebAccess IOCTL 0x1138B Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-258 ZDI-CAN-12944 Advantech CVE-2021-33023 9.8 Feb. 2, 2022 Advantech WebAccess IOCTL 0x2722 Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-257 ZDI-CAN-12942 Advantech CVE-2021-33023 9.8 Feb. 2, 2022 Advantech WebAccess IOCTL 0x2722 Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-256 ZDI-CAN-15161 Sante CVE-2022-24064 7.8 Feb. 2, 2022 Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-255 ZDI-CAN-15105 Sante CVE-2022-24063 7.8 Feb. 2, 2022 Sante DICOM Viewer Pro JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-254 ZDI-CAN-15104 Sante CVE-2022-24062 7.8 Feb. 2, 2022 Sante DICOM Viewer Pro JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-253 ZDI-CAN-15100 Sante CVE-2022-24061 3.3 Feb. 2, 2022 Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-252 ZDI-CAN-15099 Sante CVE-2022-24060 3.3 Feb. 2, 2022 Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-251 ZDI-CAN-15098 Sante CVE-2022-24059 7.8 Feb. 2, 2022 Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-250 ZDI-CAN-15095 Sante CVE-2022-24058 7.8 Feb. 2, 2022 Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-249 ZDI-CAN-15077 Sante CVE-2022-24057 7.8 Feb. 2, 2022 Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-248 ZDI-CAN-15076 Sante CVE-2022-24056 7.8 Feb. 2, 2022 Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-247 ZDI-CAN-14972 Sante CVE-2022-24055 3.3 Feb. 2, 2022 Sante DICOM Viewer Pro GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-246 ZDI-CAN-15846 Samba CVE-2021-44142 9.8 Feb. 1, 2022 Feb. 1, 2022 (Pwn2Own) Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-245 ZDI-CAN-15833 Samba CVE-2021-44142 5.3 Feb. 1, 2022 Feb. 1, 2022 (Pwn2Own) Samba fruit_pread Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-244 ZDI-CAN-16156 Samba CVE-2021-44142 9.8 Feb. 1, 2022 Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-243 ZDI-CAN-15631 Bentley CVE-2021-46656 7.8 Jan. 31, 2022 Bentley View JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-242 ZDI-CAN-15630 Bentley CVE-2021-46655 7.8 Jan. 31, 2022 Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-241 ZDI-CAN-15540 Bentley CVE-2021-46654 3.3 Jan. 31, 2022 Bentley View DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-240 ZDI-CAN-15539 Bentley CVE-2021-46653 7.8 Jan. 31, 2022 Bentley View BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-239 ZDI-CAN-15538 Bentley CVE-2021-46652 7.8 Jan. 31, 2022 Bentley View DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-238 ZDI-CAN-15537 Bentley CVE-2021-46651 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-237 ZDI-CAN-15536 Bentley CVE-2021-46650 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-236 ZDI-CAN-15535 Bentley CVE-2021-46649 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-235 ZDI-CAN-15534 Bentley CVE-2021-46648 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-234 ZDI-CAN-15533 Bentley CVE-2021-46647 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-233 ZDI-CAN-15532 Bentley CVE-2021-46646 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-232 ZDI-CAN-15531 Bentley CVE-2021-46645 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-231 ZDI-CAN-15530 Bentley CVE-2021-46644 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-230 ZDI-CAN-15515 Bentley CVE-2021-46643 7.8 Jan. 31, 2022 Bentley View DGN File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-229 ZDI-CAN-15514 Bentley CVE-2021-46642 3.3 Jan. 31, 2022 Bentley View DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-228 ZDI-CAN-15513 Bentley CVE-2021-46641 7.8 Jan. 31, 2022 Bentley View DGN File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-227 ZDI-CAN-15512 Bentley CVE-2021-46640 7.8 Jan. 31, 2022 Bentley View DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-226 ZDI-CAN-15511 Bentley CVE-2021-46639 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-225 ZDI-CAN-15510 Bentley CVE-2021-46638 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-224 ZDI-CAN-15509 Bentley CVE-2021-46637 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-223 ZDI-CAN-15508 Bentley CVE-2021-46636 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-222 ZDI-CAN-15507 Bentley CVE-2021-46635 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-221 ZDI-CAN-15464 Bentley CVE-2021-46634 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-220 ZDI-CAN-15463 Bentley CVE-2021-46633 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT PDF File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-219 ZDI-CAN-15462 Bentley CVE-2021-46632 3.3 Jan. 31, 2022 Bentley View JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-218 ZDI-CAN-15461 Bentley CVE-2021-46631 7.8 Jan. 31, 2022 Bentley View TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-217 ZDI-CAN-15460 Bentley CVE-2021-46630 3.3 Jan. 31, 2022 Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-216 ZDI-CAN-15459 Bentley CVE-2021-46629 3.3 Jan. 31, 2022 Bentley View BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-215 ZDI-CAN-15458 Bentley CVE-2021-46628 3.3 Jan. 31, 2022 Bentley View BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-214 ZDI-CAN-15457 Bentley CVE-2021-46627 7.8 Jan. 31, 2022 Bentley View DXF File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-213 ZDI-CAN-15456 Bentley CVE-2021-46626 7.8 Jan. 31, 2022 Bentley View J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-212 ZDI-CAN-15455 Bentley CVE-2021-46625 7.8 Jan. 31, 2022 Bentley View JT File Parsing Double Free Remote Code Execution Vulnerability ZDI-22-211 ZDI-CAN-15454 Bentley CVE-2021-46624 3.3 Jan. 31, 2022 Bentley View DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-210 ZDI-CAN-15453 Bentley CVE-2021-46623 3.3 Jan. 31, 2022 Bentley View 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-209 ZDI-CAN-15416 Bentley CVE-2021-46622 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-208 ZDI-CAN-15415 Bentley CVE-2021-46621 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Double Free Remote Code Execution Vulnerability ZDI-22-207 ZDI-CAN-15414 Bentley CVE-2021-46620 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-206 ZDI-CAN-15413 Bentley CVE-2021-46619 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-205 ZDI-CAN-15412 Bentley CVE-2021-46618 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-204 ZDI-CAN-15411 Bentley CVE-2021-46617 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-203 ZDI-CAN-15410 Bentley CVE-2021-46616 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-202 ZDI-CAN-15409 Bentley CVE-2021-46615 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT BMP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-201 ZDI-CAN-15408 Bentley CVE-2021-46614 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-200 ZDI-CAN-15407 Bentley CVE-2021-46613 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DXF File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-199 ZDI-CAN-15406 Bentley CVE-2021-46612 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-198 ZDI-CAN-15405 Bentley CVE-2021-46611 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-197 ZDI-CAN-15404 Bentley CVE-2021-46610 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-196 ZDI-CAN-15403 Bentley CVE-2021-46609 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT PDF File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-195 ZDI-CAN-15402 Bentley CVE-2021-46608 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-194 ZDI-CAN-15401 Bentley CVE-2021-46607 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-193 ZDI-CAN-15400 Bentley CVE-2021-46606 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-192 ZDI-CAN-15399 Bentley CVE-2021-46605 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-191 ZDI-CAN-15398 Bentley CVE-2021-46604 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-190 ZDI-CAN-15397 Bentley CVE-2021-46603 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT J2K File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-189 ZDI-CAN-15396 Bentley CVE-2021-46602 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-188 ZDI-CAN-15395 Bentley CVE-2021-46601 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-187 ZDI-CAN-15394 Bentley CVE-2021-46600 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-186 ZDI-CAN-15393 Bentley CVE-2021-46599 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-185 ZDI-CAN-15392 Bentley CVE-2021-46598 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-184 ZDI-CAN-15391 Bentley CVE-2021-46597 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-183 ZDI-CAN-15390 Bentley CVE-2021-46596 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-182 ZDI-CAN-15389 Bentley CVE-2021-46595 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-181 ZDI-CAN-15388 Bentley CVE-2021-46594 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-180 ZDI-CAN-15387 Bentley CVE-2021-46593 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-179 ZDI-CAN-15386 Bentley CVE-2021-46592 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-178 ZDI-CAN-15385 Bentley CVE-2021-46591 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-177 ZDI-CAN-15384 Bentley CVE-2021-46590 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-176 ZDI-CAN-15383 Bentley CVE-2021-46589 3.3 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-175 ZDI-CAN-15382 Bentley CVE-2021-46588 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-174 ZDI-CAN-15381 Bentley CVE-2021-46587 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-173 ZDI-CAN-15380 Bentley CVE-2021-46586 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-172 ZDI-CAN-15379 Bentley CVE-2021-46585 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-171 ZDI-CAN-15378 Bentley CVE-2021-46584 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-170 ZDI-CAN-15377 Bentley CVE-2021-46583 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-169 ZDI-CAN-15376 Bentley CVE-2021-46582 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-168 ZDI-CAN-15375 Bentley CVE-2021-46581 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-167 ZDI-CAN-15374 Bentley CVE-2021-46580 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-166 ZDI-CAN-15373 Bentley CVE-2021-46579 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-165 ZDI-CAN-15372 Bentley CVE-2021-46578 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-164 ZDI-CAN-15371 Bentley CVE-2021-46577 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-163 ZDI-CAN-15370 Bentley CVE-2021-46576 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-162 ZDI-CAN-15369 Bentley CVE-2021-46575 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT DGN File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-161 ZDI-CAN-15368 Bentley CVE-2021-46574 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-160 ZDI-CAN-15367 Bentley CVE-2021-46573 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-159 ZDI-CAN-15366 Bentley CVE-2021-46572 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-158 ZDI-CAN-15365 Bentley CVE-2021-46571 7.8 Jan. 31, 2022 Bentley View JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-157 ZDI-CAN-15364 Bentley CVE-2021-46570 7.8 Jan. 31, 2022 Bentley View JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-156 ZDI-CAN-15031 Bentley CVE-2021-46569 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-155 ZDI-CAN-15030 Bentley CVE-2021-46568 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-154 ZDI-CAN-15028 Bentley CVE-2021-46567 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-153 ZDI-CAN-15027 Bentley CVE-2021-46566 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Uninitialized Variable Remote Code Execution Vulnerability ZDI-22-152 ZDI-CAN-15024 Bentley CVE-2021-46565 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-151 ZDI-CAN-15023 Bentley CVE-2021-46564 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-150 ZDI-CAN-14990 Bentley CVE-2021-46563 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-149 ZDI-CAN-14987 Bentley CVE-2021-46562 7.8 Jan. 31, 2022 Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-148 ZDI-CAN-14162 ESET CVE-2021-37852 7.0 Jan. 31, 2022 ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability ZDI-22-147 ZDI-CAN-13856 Trend Micro CVE-2022-23805 3.3 Jan. 31, 2022 Trend Micro Worry-Free Business Security Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-146 ZDI-CAN-14433 Esri CVE-2021-29117 7.8 Jan. 31, 2022 Esri ArcReader PMF File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-145 ZDI-CAN-14439 Esri CVE-2021-29118 3.3 Jan. 31, 2022 Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-144 ZDI-CAN-14267 Esri CVE-2021-29112 3.3 Jan. 31, 2022 Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-143 ZDI-CAN-13801 Bitdefender CVE-2021-3641 6.1 Jan. 27, 2022 Bitdefender GravityZone Link Following Denial-of-Service Vulnerability ZDI-22-142 ZDI-CAN-14722 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing Trend Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-141 ZDI-CAN-14720 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing Trend Tag WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-140 ZDI-CAN-14719 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing XY Tag WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-139 ZDI-CAN-14718 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing XY Tag WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-138 ZDI-CAN-14717 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing XY Tag WordAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-137 ZDI-CAN-14582 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU XML File Parsing Add Tag DigitCount Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-136 ZDI-CAN-14581 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU XML File Parsing BitAddr Tag ContralAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-135 ZDI-CAN-14580 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU XML File Parsing Add Tag DstAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-134 ZDI-CAN-14579 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU XML File Parsing BitAddr Tag ContralAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-133 ZDI-CAN-14578 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU UMP FIle Parsing HmiSet Tag Type Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-132 ZDI-CAN-14584 WECON CVE-2021-23157 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing ScreenInfo Tag ScrnFile Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-131 ZDI-CAN-14577 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU XML File Parsing Add Tag PLCAddr1 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-130 ZDI-CAN-14576 WECON CVE-2021-23157 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing ScreenInfo Tag ScrnName Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-129 ZDI-CAN-14575 WECON CVE-2021-23138 7.8 Jan. 27, 2022 WECON LeviStudioU UMP File Parsing BaseSet Tag BgOnOffBitAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-128 ZDI-CAN-16026 Oracle CVE-2022-21394 6.5 Jan. 21, 2022 Oracle VirtualBox TFTP Server Directory Traversal Information Disclosure Vulnerability ZDI-22-127 ZDI-CAN-16120 Oracle CVE-2022-21380 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-126 ZDI-CAN-15121 Oracle CVE-2022-21356 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-125 ZDI-CAN-15122 Oracle CVE-2022-21357 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-124 ZDI-CAN-15120 Oracle CVE-2022-21355 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-123 ZDI-CAN-15063 Oracle CVE-2022-21346 7.5 Jan. 21, 2022 Oracle Business Intelligence ReportTemplateService XML External Entity Processing Information Disclosure Vulnerability ZDI-22-122 ZDI-CAN-14524 Oracle CVE-2022-21337 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability ZDI-22-121 ZDI-CAN-14523 Oracle CVE-2022-21336 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-120 ZDI-CAN-14522 Oracle CVE-2022-21335 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-119 ZDI-CAN-14521 Oracle CVE-2022-21334 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-118 ZDI-CAN-14520 Oracle CVE-2022-21333 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-117 ZDI-CAN-14509 Oracle CVE-2022-21332 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-116 ZDI-CAN-14507 Oracle CVE-2022-21331 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-115 ZDI-CAN-14506 Oracle CVE-2022-21330 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-114 ZDI-CAN-14505 Oracle CVE-2022-21329 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-113 ZDI-CAN-14504 Oracle CVE-2022-21328 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-112 ZDI-CAN-14503 Oracle CVE-2022-21327 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-111 ZDI-CAN-14502 Oracle CVE-2022-21326 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-110 ZDI-CAN-14501 Oracle CVE-2022-21325 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-109 ZDI-CAN-14500 Oracle CVE-2022-21324 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-108 ZDI-CAN-14499 Oracle CVE-2022-21323 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-107 ZDI-CAN-14498 Oracle CVE-2022-21322 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-106 ZDI-CAN-14497 Oracle CVE-2022-21321 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-105 ZDI-CAN-14496 Oracle CVE-2022-21320 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-104 ZDI-CAN-14495 Oracle CVE-2022-21319 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-103 ZDI-CAN-14494 Oracle CVE-2022-21318 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-102 ZDI-CAN-14493 Oracle CVE-2022-21317 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-101 ZDI-CAN-14492 Oracle CVE-2022-21316 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-100 ZDI-CAN-14491 Oracle CVE-2022-21315 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-099 ZDI-CAN-14490 Oracle CVE-2022-21314 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability ZDI-22-098 ZDI-CAN-14489 Oracle CVE-2022-21313 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-097 ZDI-CAN-14488 Oracle CVE-2022-21312 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-096 ZDI-CAN-14487 Oracle CVE-2022-21311 6.5 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-095 ZDI-CAN-14486 Oracle CVE-2022-21310 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-094 ZDI-CAN-14458 Oracle CVE-2022-21309 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-093 ZDI-CAN-14222 Oracle CVE-2022-21308 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-092 ZDI-CAN-14206 Oracle CVE-2022-21307 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-091 ZDI-CAN-13925 Oracle CVE-2022-21284 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability ZDI-22-090 ZDI-CAN-13924 Oracle CVE-2022-21289 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability ZDI-22-089 ZDI-CAN-13986 Oracle CVE-2022-21285 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-088 ZDI-CAN-13966 Oracle CVE-2022-21286 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-087 ZDI-CAN-13964 Oracle CVE-2022-21287 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability ZDI-22-086 ZDI-CAN-13963 Oracle CVE-2022-21290 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Heap-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-085 ZDI-CAN-13922 Oracle CVE-2022-21288 9.8 Jan. 21, 2022 Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability ZDI-22-084 ZDI-CAN-13866 Oracle CVE-2022-21280 9.8 Jan. 21, 2022 Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-083 ZDI-CAN-13865 Oracle CVE-2022-21279 9.8 Jan. 21, 2022 Oracle MySQL Cluster Management API Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-082 ZDI-CAN-13818 TeamViewer CVE-2021-35005 3.3 Jan. 20, 2022 TeamViewer Improper Validation of Array Index Information Disclosure Vulnerability ZDI-22-081 ZDI-CAN-14656 TP-Link CVE-2021-35004 8.8 Jan. 17, 2022 TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-080 ZDI-CAN-14655 TP-Link CVE-2021-35003 9.8 Jan. 17, 2022 TP-Link Archer C90 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-079 ZDI-CAN-14371 Adobe CVE-2021-43746 3.3 Jan. 17, 2022 Adobe Illustrator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-078 ZDI-CAN-14137 Fortinet CVE-2021-26089 7.8 Jan. 17, 2022 Fortinet FortiClient Network Access Control Uncontrolled Search Path Element Privilege Escalation Vulnerability ZDI-22-077 ZDI-CAN-15856 Western Digital CVE-2022-22991 8.8 Jan. 17, 2022 Jan. 18, 2022 (Pwn2Own) Western Digital MyCloud PR4100 ConnectivityService Command Injection Remote Code Execution Vulnerability ZDI-22-076 ZDI-CAN-15872 Western Digital CVE-2022-22992 8.0 Jan. 17, 2022 Feb. 10, 2022 (Pwn2Own) Western Digital MyCloud PR4100 cloudAccess Command Injection Remote Code Execution Vulnerability ZDI-22-075 ZDI-CAN-14539 NetBSD 5.5 Jan. 14, 2022 NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability ZDI-22-074 ZDI-CAN-14978 Microsoft CVE-2021-42309 8.8 Jan. 14, 2022 Microsoft SharePoint Server-Side Control Improper Input Validation Remote Code Execution Vulnerability ZDI-22-073 ZDI-CAN-14540 OpenBSD CVE-2021-34999 3.8 Jan. 13, 2022 OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability ZDI-22-072 ZDI-CAN-15148 Adobe CVE-2021-45053 7.8 Jan. 13, 2022 Adobe InCopy JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-071 ZDI-CAN-15151 Adobe CVE-2021-45054 3.3 Jan. 13, 2022 Adobe InCopy JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-070 ZDI-CAN-15234 Adobe CVE-2021-45055 7.8 Jan. 13, 2022 Adobe InCopy TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-069 ZDI-CAN-15233 Adobe CVE-2021-45056 7.8 Jan. 13, 2022 Adobe InCopy JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-068 ZDI-CAN-15232 Adobe CVE-2021-45058 7.8 Jan. 13, 2022 Adobe InDesign JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-067 ZDI-CAN-15150 Adobe CVE-2021-45059 3.3 Jan. 13, 2022 Adobe InDesign JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-066 ZDI-CAN-15144 Adobe CVE-2021-45057 7.8 Jan. 13, 2022 Adobe InDesign JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-065 ZDI-CAN-15152 Adobe CVE-2021-45051 3.3 Jan. 13, 2022 Adobe Bridge JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-064 ZDI-CAN-15142 Adobe CVE-2021-45052 3.3 Jan. 13, 2022 Adobe Bridge TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-063 ZDI-CAN-15146 Adobe CVE-2021-44743 7.8 Jan. 13, 2022 Adobe Bridge JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-062 ZDI-CAN-15244 Adobe CVE-2021-44700 3.3 Jan. 13, 2022 Adobe Illustrator JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-061 ZDI-CAN-15143 Adobe CVE-2021-43752 3.3 Jan. 13, 2022 Adobe Illustrator TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-060 ZDI-CAN-15698 Adobe CVE-2021-45060 7.8 Jan. 13, 2022 Adobe Acrobat Reader DC TTF Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ZDI-22-059 ZDI-CAN-15902 Adobe CVE-2021-45063 3.3 Jan. 13, 2022 Adobe Acrobat Reader DC JP2 File Parsing Use-After-Free Information Disclosure Vulnerability ZDI-22-058 ZDI-CAN-15900 Adobe CVE-2021-45068 7.8 Jan. 13, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-057 ZDI-CAN-15196 Adobe CVE-2021-44701 7.8 Jan. 13, 2022 Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-056 ZDI-CAN-15903 Adobe CVE-2021-45061 7.8 Jan. 13, 2022 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-055 ZDI-CAN-15586 Adobe CVE-2021-45064 7.8 Jan. 13, 2022 Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability ZDI-22-054 ZDI-CAN-15901 Adobe CVE-2021-45062 7.8 Jan. 13, 2022 Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-053 ZDI-CAN-14727 Open Design Alliance (ODA) CVE-2022-23095 7.8 Jan. 13, 2022 Open Design Alliance (ODA) Drawings Explorer JPG File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-052 ZDI-CAN-15212 Microsoft CVE-2022-21899 5.5 Jan. 13, 2022 Microsoft Windows EFI Partition Incorrect Authorization Denial-of-Service Vulnerability ZDI-22-051 ZDI-CAN-15188 Microsoft CVE-2022-21876 5.5 Jan. 13, 2022 Microsoft Windows DirectComposition Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-050 ZDI-CAN-15331 Microsoft CVE-2022-21895 7.8 Jan. 13, 2022 Microsoft Windows User Profile Service Directory Junction Privilege Escalation Vulnerability ZDI-22-049 ZDI-CAN-14660 Microsoft CVE-2022-21838 7.0 Jan. 13, 2022 Microsoft Windows SilentCleanup Link Following Local Privilege Escalation Vulnerability ZDI-22-048 ZDI-CAN-14957 Microsoft CVE-2022-21877 5.6 Jan. 13, 2022 Microsoft Windows Storage Spaces Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-047 ZDI-CAN-14411 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing XY Tag WordAddr9 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-046 ZDI-CAN-14413 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing Alarm Tag bitaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-045 ZDI-CAN-14417 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing Alarm Tag WordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-044 ZDI-CAN-14419 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing Trend Tag WordAddr12 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-043 ZDI-CAN-14420 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing XY Tag WordAddr7 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-042 ZDI-CAN-14421 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing Trend Tag WordAddr11 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-041 ZDI-CAN-14422 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing XY Tag WordAddr5 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-040 ZDI-CAN-14423 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing XY Tag WordAddr6 Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-039 ZDI-CAN-14569 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing BaseSet Tag HMINAME Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-038 ZDI-CAN-14570 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing HmiSet Tag Style Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-037 ZDI-CAN-14574 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing BaseSet Tag CurScrIdAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-036 ZDI-CAN-14573 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing BaseSet Tag ScrIdWordAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-035 ZDI-CAN-14572 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing BaseSet Tag PowerEnterTime Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-034 ZDI-CAN-14571 WECON CVE-2021-43983 7.8 Jan. 13, 2022 WECON LeviStudioU UMP File Parsing BaseSet Tag EnterTime Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-033 ZDI-CAN-14634 Fatek Automation CVE-2021-43554 7.8 Jan. 13, 2022 Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-032 ZDI-CAN-14568 Fatek Automation CVE-2021-43556 7.8 Jan. 13, 2022 Fatek Automation WinProladder PDW File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-031 ZDI-CAN-14465 Fatek Automation CVE-2021-43556 7.8 Jan. 13, 2022 Fatek Automation WinProladder TAB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-030 ZDI-CAN-14225 Fatek Automation CVE-2021-43554 7.8 Jan. 13, 2022 Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-029 ZDI-CAN-14566 Fatek Automation CVE-2021-43556 7.8 Jan. 13, 2022 Fatek Automation WinProladder SPF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ZDI-22-028 ZDI-CAN-14517 Fatek Automation CVE-2021-43554 7.8 Jan. 13, 2022 Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-027 ZDI-CAN-13030 Delta Industrial Automation CVE-2021-32965 7.8 Jan. 11, 2022 Delta Industrial Automation DIAScreen XLS File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-026 ZDI-CAN-13029 Delta Industrial Automation CVE-2021-32965 7.8 Jan. 11, 2022 Delta Industrial Automation DIAScreen XLS File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-025 ZDI-CAN-13033 Delta Industrial Automation CVE-2021-32965 7.8 Jan. 11, 2022 Delta Industrial Automation DIAScreen XLS File Parsing Memory Corruption Remote Code Execution Vulnerability ZDI-22-024 ZDI-CAN-13032 Delta Industrial Automation CVE-2021-32969 7.8 Jan. 11, 2022 Delta Industrial Automation DIAScreen XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-023 ZDI-CAN-13031 Delta Industrial Automation CVE-2021-32969 7.8 Jan. 11, 2022 Delta Industrial Automation DIAScreen XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-022 ZDI-CAN-14860 Siemens CVE-2021-42028 7.8 Jan. 10, 2022 Siemens syngo fastView BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-021 ZDI-CAN-15097 Siemens CVE-2021-40367 7.8 Jan. 10, 2022 Siemens syngo DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-020 ZDI-CAN-15541 WordPress CVE-2022-21661 7.5 Jan. 10, 2022 WordPress Core WP_Query SQL Injection Information Disclosure Vulnerability ZDI-22-019 ZDI-CAN-14955 Microsoft CVE-2021-43238 5.5 Jan. 6, 2022 Microsoft Windows Remote Access Connection Manager Service Link Following Denial-of-Service Vulnerability ZDI-22-018 ZDI-CAN-14770 Microsoft CVE-2021-43237 7.0 Jan. 6, 2022 Microsoft Windows Update Assistant Link Following Local Privilege Escalation Vulnerability ZDI-22-017 ZDI-CAN-14607 Trend Micro CVE-2021-45441 7.8 Jan. 6, 2022 Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability ZDI-22-016 ZDI-CAN-14218 Trend Micro CVE-2021-45440 7.0 Jan. 6, 2022 Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability ZDI-22-015 ZDI-CAN-14967 Trend Micro CVE-2021-45442 6.1 Jan. 6, 2022 Trend Micro Worry-Free Business Security Link Following Denial-of-Service Vulnerability ZDI-22-014 ZDI-CAN-13364 Trend Micro CVE-2021-44024 6.1 Jan. 6, 2022 Trend Micro Apex One Link Following Denial-of-Service Vulnerability ZDI-22-013 ZDI-CAN-13365 Trend Micro CVE-2021-45231 7.8 Jan. 6, 2022 Trend Micro Apex One Link Following Privilege Escalation Vulnerability ZDI-22-012 ZDI-CAN-16112 OpenBSD CVE-2021-35000 3.3 Jan. 6, 2022 OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability ZDI-22-011 ZDI-CAN-15111 Siemens CVE-2021-44017 3.3 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-010 ZDI-CAN-15109 Siemens CVE-2021-44015 3.3 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go CGM File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-009 ZDI-CAN-15103 Siemens CVE-2021-44013 7.8 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-008 ZDI-CAN-15102 Siemens CVE-2021-44012 3.3 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-007 ZDI-CAN-15101 Siemens CVE-2021-44011 3.3 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go JT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability ZDI-22-006 ZDI-CAN-15058 Siemens CVE-2021-44002 7.8 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-005 ZDI-CAN-15057 Siemens CVE-2021-44014 7.8 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go JT File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-22-004 ZDI-CAN-14974 Siemens CVE-2021-44001 7.8 Jan. 6, 2022 Jan. 9, 2022 Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ZDI-22-003 ZDI-CAN-14237 VMware CVE-2021-22045 7.8 Jan. 6, 2022 Jan. 11, 2022 VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability ZDI-22-002 ZDI-CAN-14122 BMC CVE-2021-35002 8.8 Jan. 6, 2022 BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability ZDI-22-001 ZDI-CAN-14527 BMC CVE-2021-35001 3.1 Jan. 6, 2022 BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability

Related news

Softing Secure Integration Server 1.22 Remote Code Execution

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using the "restore configuration" feature to upload a zip file containing a path traversal file which is a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was ...

Gentoo Linux Security Advisory 202405-25

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

Vinchin Backup And Recovery 7.2 Default MySQL Credentials

A critical security issue has been discovered in Vinchin Backup and Recovery version 7.2. The software has been found to use default MYSQL credentials, which could lead to significant security risks.

Gentoo Linux Security Advisory 202401-11

Gentoo Linux Security Advisory 202401-11 - Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.17 are affected.

CVE-2023-47579: Vulnerability Report

Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.

CVE-2021-38405

The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Gentoo Linux Security Advisory 202311-02

Gentoo Linux Security Advisory 202311-2 - Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution Versions greater than or equal to 3.1.18 are affected.

Gentoo Linux Security Advisory 202310-21

Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.

Debian Security Advisory 5503-1

Debian Linux Security Advisory 5503-1 - Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure.

Gentoo Linux Security Advisory 202309-06

Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.

CVE-2022-28835: Adobe Security Bulletin

Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28831: Adobe Security Bulletin

Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2023-40193: Multiple vulnerabilities in TP-Link products

Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

Ubuntu Security Notice USN-6236-1

Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-25201: Security Advisories - usd HeroLab

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

Red Hat Security Advisory 2023-3954-01

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

RHSA-2023:3954: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2012-5783: It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or su...

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

Ubuntu Security Notice USN-6146-1

Ubuntu Security Notice 6146-1 - It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

CVE-2023-28043: DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

CVE-2022-35742

Microsoft Outlook Denial of Service Vulnerability

CVE-2022-35751

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2022-35750

Win32k Elevation of Privilege Vulnerability

Ubuntu Security Notice USN-6117-1

Ubuntu Security Notice 6117-1 - It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-0584-01

Red Hat Security Advisory 2023-0584-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Issues addressed include a denial of service vulnerability.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

Red Hat Security Advisory 2023-2100-01

Red Hat Security Advisory 2023-2100-01 - This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass, code execution, cross site scripting, denial of service, man-in-the-middle, memory exhaustion, resource exhaustion, and traversal vulnerabilities.

RHSA-2023:2100: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 security update

Red Hat Integration Camel for Spring Boot 3.20.1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37533: A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of information about service...

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Ubuntu Security Notice USN-6014-1

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6013-1

Ubuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6001-1

Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

CVE-2023-1802: Docker Desktop release notes

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

CVE-2022-42426: ZDI-22-1397

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.

CVE-2022-36969: ZDI-22-1128

This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394.

CVE-2022-36970: ZDI-22-1129

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in a APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of current process. Was ZDI-CAN-17370.

CVE-2022-36979: ZDI-22-784

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.

CVE-2022-36974: ZDI-22-779

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15330.

CVE-2022-36978: ZDI-22-783

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.

CVE-2022-37012

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-16927.

CVE-2022-36983: ZDI-22-788

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.3.101. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.

CVE-2022-36981: ZDI-22-786

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.

CVE-2022-36980: ZDI-22-785

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.

CVE-2022-36975

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.

CVE-2022-37383: ZDI-22-1055

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17111.

CVE-2022-37384: ZDI-22-1056

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the delay method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17327.

CVE-2022-37377: ZDI-22-1049

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733.

CVE-2022-36976: ZDI-22-781

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333.

CVE-2022-36972: ZDI-22-777

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.

CVE-2022-36973: ZDI-22-778

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329.

CVE-2022-36971: ZDI-22-776

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.

CVE-2022-37376: ZDI-22-1048

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16599.

CVE-2022-28685: ZDI-22-1124

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212.

CVE-2022-42429: ZDI-22-1394

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18557.

CVE-2022-36977: ZDI-22-782

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.

CVE-2022-28312: ZDI-22-602

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342.

CVE-2022-28313: ZDI-22-603

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16343.

CVE-2022-28319: BE-2022-0002 | Bentley Systems | Infrastructure Engineering Software Company

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16340.

CVE-2022-28320: ZDI-22-597

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16282.

CVE-2022-28643: BE-2022-0004 | Bentley Systems | Infrastructure Engineering Software Company

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16468.

CVE-2022-28308: ZDI-22-599

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16307.

CVE-2022-28306: ZDI-22-595

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-16174.

CVE-2022-36982: ZDI-22-787

This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.

CVE-2022-28307: BE-2022-0005 | Bentley Systems | Infrastructure Engineering Software Company

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16306.

CVE-2022-28304: ZDI-22-594

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16171.

CVE-2022-28305: BE-2022-0008 | Bentley Systems | Infrastructure Engineering Software Company

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16172.

CVE-2022-28310: BE-2022-0009 | Bentley Systems | Infrastructure Engineering Software Company

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16339.

CVE-2022-28303: ZDI-22-596

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16280.

CVE-2022-42425: ZDI-22-1396

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18555.

CVE-2022-28300: BE-2022-0007 | Bentley Systems | Infrastructure Engineering Software Company

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation 10.16.02.034 CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16202.

CVE-2022-27648: ZDI-22-543

This vulnerability allows remote attackers to execute arbitrary code on affected installations of KOYO Screen Creator 0.1.1.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCA2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14868.

CVE-2022-27646: Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0324

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

CVE-2022-27645: ZDI-22-522

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.

CVE-2022-27644: ZDI-22-520

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

CVE-2022-27643: Security Advisory for Pre-Authentication Buffer Overflow on Multiple Products, PSV-2021-0323

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.

CVE-2022-27642: Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0327

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.

CVE-2022-27641: Security Advisory for Pre-Authentication Buffer Overflow on Multiple Products, PSV-2021-0278

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.

CVE-2022-2561: CVE-2022-2561 Connectivity Explorer file vulnerability (ZDI-CAN-16596)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XML files in Connectivity Explorer. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16596.

CVE-2022-42431: ZDI-22-1407

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17544.

CVE-2022-2560: ZDI-22-1032

This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.

CVE-2022-42430: ZDI-22-1406

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.

CVE-2022-42428: ZDI-22-1399

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18410.

CVE-2022-37388: ZDI-22-1060

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17516.

CVE-2022-37386: ZDI-22-1058

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17550.

CVE-2022-37387: ZDI-22-1059

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17552.

CVE-2022-42427: ZDI-22-1398

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18541.

CVE-2022-37382: ZDI-22-1054

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17383.

CVE-2022-37385: ZDI-22-1057

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17301.

CVE-2022-3093: ZDI-22-1188

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.

CVE-2022-42424: ZDI-22-1395

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18556.

CVE-2022-3210: ZDI-22-1222

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905.

CVE-2022-28309: ZDI-22-600

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16308.

CVE-2022-24352: ZDI-22-262

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15773.

CVE-2022-1229: BE-2022-0006 | Bentley Systems | Infrastructure Engineering Software Company

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16581.

CVE-2022-24972: ZDI-22-405

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.

CVE-2022-23121: ZDI-22-527

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23123: ZDI-22-528

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.

CVE-2022-24973: ZDI-22-406

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.

CVE-2022-23125: ZDI-22-526

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.

CVE-2022-24353: ZDI-22-263

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-15769.

CVE-2022-0650: ZDI-22-407

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.

CVE-2022-0194: ZDI-22-530

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.

SolarWinds Information Service (SWIS) Remote Command Execution

The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command execution as NT AUTHORITY\SYSTEM.

CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. This includes 13 security vulnerabilities in Delta Electronics' InfraSuite Device Master, a real-time device monitoring software. All versions prior to 1.0.5 are

CVE-2023-0628: Docker Desktop release notes

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

CVE-2022-32855: About the security content of iOS 15.6 and iPadOS 15.6

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.

CVE-2022-32824: About the security content of tvOS 15.6

The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

Red Hat Security Advisory 2023-0918-01

Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

Cisco RV Series Authentication Bypass / Command Injection

This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.

io_uring Same Type Object Reuse Privilege Escalation

This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.

Red Hat Security Advisory 2023-0542-01

Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.

CVE-2022-41141: ZDI-22-1300

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859.

CVE-2022-40719: ZDI-22-1223

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.

CVE-2022-41142: ZDI-22-1326

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304.

CVE-2022-42418: ZDI-22-1387

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677.

CVE-2022-40720: ZDI-22-1224

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935.

CVE-2022-41140: D-Link Technical Support

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.

CVE-2022-40718: ZDI-22-1221

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.

CVE-2022-42396: ZDI-22-1332

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18278.

CVE-2022-42385: ZDI-22-1376

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18654.

CVE-2022-42371: ZDI-22-1353

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18346.

CVE-2022-40717: ZDI-22-1220

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.

CVE-2022-42407: ZDI-22-1365

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18542.

CVE-2022-42395: ZDI-22-1331

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. Crafted data in an XPS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18274.

CVE-2022-42399: ZDI-22-1343

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18327.

CVE-2022-42414: ZDI-22-1342

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18326.

CVE-2022-42417: ZDI-22-1386

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18676.

CVE-2022-42423: Tracker Software Products :: PDF-XChange Editor Version History

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18716.

CVE-2022-42384: ZDI-22-1375

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18653.

RHSA-2023:0348: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-2964: kernel: memory corruption in AX88179_178A based USB ethernet device. * CVE-2022-4139: kernel: i915: Incorrect GPU TLB flush can lead to random memory access * CVE-2022-43945: kernel: nfsd buffer overflow by RPC message over TCP with garbage data

RHSA-2023:0334: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-2964: kernel: memory corruption in AX88179_178A based USB ethernet device. * CVE-2022-3077: kernel: i2c: unbounded length leads to buffer overflow in ismt_access() * CVE-2022-4139: kernel: i915: Incorrect GPU TLB flush can lead to random memory access * CVE-2022-30594: ...

CVE-2022-45103: DSA-2022-340: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2023-21599: Adobe Security Bulletin

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2023-21592: Adobe Security Bulletin

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-26383: Security Vulnerabilities fixed in Thunderbird 91.7

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-0843: Security Vulnerabilities fixed in Firefox 98

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.

Red Hat Security Advisory 2022-9082-01

Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.

RHSA-2022:9082: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-43945: kernel: nfsd buffer overflow by RP...

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8973-01

Red Hat Security Advisory 2022-8973-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, code execution, memory leak, out of bounds write, and privilege escalation vulnerabilities.

CVE-2022-2660

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.

CVE-2022-2951

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption.

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8938-01

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

RHSA-2022:8973: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-21123: hw: cpu: incomplete clean-up of multi-co...

RHSA-2022:8974: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-21123: hw: cpu: incomplete clean-up of multi...

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

Red Hat Security Advisory 2022-8609-01

Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7435-01

Red Hat Security Advisory 2022-7435-01 - An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8222-01

Red Hat Security Advisory 2022-8222-01 - Xwayland is an X server for running X clients under Wayland. Issues addressed include an out of bounds access vulnerability.

RHSA-2022:7435: Red Hat Security Advisory: Logging Subsystem 5.4.8 - Red Hat OpenShift security update

An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays...

Red Hat Security Advisory 2022-7933-01

Red Hat Security Advisory 2022-7933-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, denial of service, double free, information leakage, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

RHSA-2022:8221: Red Hat Security Advisory: xorg-x11-server security and bug fix update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

RHSA-2022:8222: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

RHSA-2022:8054: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-2022-26700: w...

CVE-2022-45188: [1day to 0day] Netatalk from Pwn2own 2021 to 0x00 cent in 2022

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

CVE-2022-3942

A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.

RHSA-2022:7434: Red Hat Security Advisory: Logging Subsystem 5.5.4 - Red Hat OpenShift security update

Logging Subsystem 5.5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution * CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution * CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure * CVE-202...

RHSA-2022:7683: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large arguments...

RHSA-2022:7444: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large argume...

RHSA-2022:7583: Red Hat Security Advisory: xorg-x11-server and xorg-x11-server-Xwayland security and bug fix update

An update for xorg-x11-server, xorg-x11-server-Xwayland, and xorg-x11-xtrans-devel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

Red Hat Security Advisory 2022-7338-01

Red Hat Security Advisory 2022-7338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7337-01

Red Hat Security Advisory 2022-7337-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

RHSA-2022:7344: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

RHSA-2022:7338: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-23816: hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions * CVE-2022-23825: hw: cpu: AMD: Branch Type Confusion (non-retbleed) * CVE-2022-26373: hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions * ...

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

Gentoo Linux Security Advisory 202210-30

Gentoo Linux Security Advisory 202210-30 - Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in remote code execution. Versions less than 21.1.4 are affected.

Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. All vulnerabilities: 105Urgent: 2Critical: 1High: 29Medium: 71Low: 2 Let’s take a look at the most interesting vulnerabilities: Two […]

CVE-2022-31678: VMSA-2022-0027.1

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Red Hat Security Advisory 2022-7171-01

Red Hat Security Advisory 2022-7171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-7137-01

Red Hat Security Advisory 2022-7137-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:7110: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0494: kernel: information leak in scsi_ioctl() * CVE-2022-1353: Kernel: A kernel-info-leak issue in pfkey_register * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-23816: hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions * CVE-2022-23825: hw: cpu:...

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36966: SolarWinds Platform 2022.4 Release Notes

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

Red Hat Security Advisory 2022-6991-01

Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6978-01

Red Hat Security Advisory 2022-6978-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2022:6983: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-45485: kernel: information leak in the IPv6 implementation * CVE-2021-45486: kernel: information leak in the IPv4 implementation * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CV...

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35690: Adobe Security Bulletin

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.

CVE-2022-38440: Adobe Security Bulletin

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35691: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-41686: en/security-disclosure/2022/2022-10.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

CVE-2022-41686: en/security-disclosure/2022/2022-10.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

CVE-2022-41686: en/security-disclosure/2022/2022-10.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.

CVE-2022-37987

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37989.

CVE-2022-38048

Microsoft Office Remote Code Execution Vulnerability.

CVE-2022-37986

Windows Win32k Elevation of Privilege Vulnerability.

CVE-2022-37997

Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-38051.

CVE-2022-37989

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37987.

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including seven critical issues in Windows’ point-to-point tunneling protocol.  October's security update features 11 critical vulnerabilities, with the remainder being “important.”   One of the most notable vulnerabilities Microsoft fixed this month is CVE-2022-41038, a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month’s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be “more likely” to be exploited.  An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.   CVE-2022-37968, an elevation of privilege vulnerability in Azure Arc Connect, has th...

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line.

RHSA-2022:6875: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

RHSA-2022:6872: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete clea...

CVE-2022-41851

A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973)

CVE-2022-41749: DCX

An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-33882: Security Advisories | Autodesk Trust Center

Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.

CVE-2022-33884: Security Advisories | Autodesk Trust Center

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-33884: Security Advisories | Autodesk Trust Center

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-33884: Security Advisories | Autodesk Trust Center

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-33884: Security Advisories | Autodesk Trust Center

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-36965: SolarWinds Platform 2022.3 Release Notes

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0).

CVE-2022-36961: SolarWinds Trust Center Security Advisories | CVE-2022-36961

A verb used in Orion was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.

CVE-2022-40709: ZDI-22-1299

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.

CVE-2022-40708: ZDI-22-1298

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707.

CVE-2022-40707: ZDI-22-1297

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708.

CVE-2022-40710: ZDI-22-1296

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-22629: About the security content of iTunes 12.12.3 for Windows

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22624: About the security content of tvOS 15.4

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-3263

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

CVE-2022-38742: ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.

GHSA-h4qg-p7r2-cpg3: Apache Batik vulnerable to Server-Side Request Forgery

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

GHSA-c5xv-qc8p-mh2v: Apache Batik Server-Side Request Forgery

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-40146

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

CVE-2022-38398

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Ubuntu Security Notice USN-5623-1

Ubuntu Security Notice 5623-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-40144: 「Trend Micro Apex One」および「Trend Micro Apex One SaaS」における複数の脆弱性について(JVN#36454862):IPA 独立行政法人 情報処理推進機構

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.

CVE-2022-40144: 「Trend Micro Apex One」および「Trend Micro Apex One SaaS」における複数の脆弱性について(JVN#36454862):IPA 独立行政法人 情報処理推進機構

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.

CVE-2022-37348: ZDI-22-1177

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.

CVE-2022-37347: ZDI-22-1176

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234.

CVE-2022-40140: ZDI-22-1189

An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-40144: 「Trend Micro Apex One」および「Trend Micro Apex One SaaS」における複数の脆弱性について(JVN#36454862):IPA 独立行政法人 情報処理推進機構

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.

CVE-2022-38764: ZDI-22-1178

A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer.

CVE-2022-34893: ZDI-22-1175

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35699: Adobe Security Bulletin

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Ubuntu Security Notice USN-5616-1

Ubuntu Security Notice 5616-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

RHSA-2022:6551: Red Hat Security Advisory: Red Hat Virtualization security update

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs * CVE-2022-...

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28852: Adobe Security Bulletin

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35713: Adobe Security Bulletin

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38406: Adobe Security Bulletin

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38411: Adobe Security Bulletin

Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-38408: Adobe Security Bulletin

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. requires user interaction in that a victim must open a malicious file.

CVE-2022-38408: Adobe Security Bulletin

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. requires user interaction in that a victim must open a malicious file.

CVE-2022-38408: Adobe Security Bulletin

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. requires user interaction in that a victim must open a malicious file.

CVE-2022-38411: Adobe Security Bulletin

Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-40647: ZDI-22-1203

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17558.

CVE-2022-40662: ZDI-22-1218

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351.

CVE-2022-40661: ZDI-22-1217

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15134.

CVE-2022-40660: ZDI-22-1216

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15135.

CVE-2022-40642: ZDI-22-1198

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17318.

CVE-2022-40659: ZDI-22-1215

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15214.

CVE-2022-40658: ZDI-22-1214

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15166.

CVE-2022-40656: ZDI-22-1212

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. Crafted data in a ND2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15072.

CVE-2022-40640: ZDI-22-1196

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308.

CVE-2022-40643: ZDI-22-1199

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17407.

CVE-2022-40657: ZDI-22-1213

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. Crafted data in a PSD file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15073.

CVE-2022-40655: ZDI-22-1211

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071.

CVE-2022-40641: ZDI-22-1197

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17317.

CVE-2022-40654: ZDI-22-1210

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18351.

CVE-2022-40645: ZDI-22-1201

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17540.

CVE-2022-40652: ZDI-22-1208

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17846.

CVE-2022-40651: ZDI-22-1207

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17844.

CVE-2022-40650: ZDI-22-1206

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838.

CVE-2022-40649: ZDI-22-1205

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17565.

CVE-2022-40648: ZDI-22-1204

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.

CVE-2022-40637: ZDI-22-1193

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045.

CVE-2022-40638: ZDI-22-1194

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102.

CVE-2022-40636: ZDI-22-1192

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044.

CVE-2022-40646: ZDI-22-1202

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17541.

CVE-2022-40639: ZDI-22-1195

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17207.

CVE-2022-40663: ZDI-22-1219

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697.

CVE-2022-40653: ZDI-22-1209

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18349.

CVE-2022-40644: ZDI-22-1200

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17408.

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

CVE-2022-35823

Microsoft SharePoint Remote Code Execution Vulnerability.

CVE-2022-37963

Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38010.

CVE-2022-37962

Microsoft PowerPoint Remote Code Execution Vulnerability.

CVE-2022-37955

Windows Group Policy Elevation of Privilege Vulnerability.

CVE-2022-37954

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Asheer Malhotra.  Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month.  September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.”  The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely...

Red Hat Security Advisory 2022-6443-01

Red Hat Security Advisory 2022-6443-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6443-01

Red Hat Security Advisory 2022-6443-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6443-01

Red Hat Security Advisory 2022-6443-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6443-01

Red Hat Security Advisory 2022-6443-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

CVE-2022-39156

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18196)

RHSA-2022:6443: Red Hat Security Advisory: mariadb:10.3 security and bug fix update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

RHSA-2022:6443: Red Hat Security Advisory: mariadb:10.3 security and bug fix update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

RHSA-2022:6443: Red Hat Security Advisory: mariadb:10.3 security and bug fix update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

RHSA-2022:6443: Red Hat Security Advisory: mariadb:10.3 security and bug fix update

An update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

Ubuntu Security Notice USN-5602-1

Ubuntu Security Notice 5602-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

CVE-2022-36661: Disclose Three Bugs in xhyve

xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors.

Ubuntu Security Notice USN-5599-1

Ubuntu Security Notice 5599-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Apple macOS Remote Events Memory Corruption

This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.

Ubuntu Security Notice USN-5594-1

Ubuntu Security Notice 5594-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

CVE-2022-2319: Fix CVE-2022-2319, CVE-2022-2320 (!938) · Merge requests · xorg / xserver · GitLab

A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

Red Hat Security Advisory 2022-6306-01

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6306-01

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6306-01

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6306-01

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-39

Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.

Gentoo Linux Security Advisory 202208-36

Gentoo Linux Security Advisory 202208-36 - Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation. Versions less than 6.1.36 are affected.

RHSA-2022:6306: Red Hat Security Advisory: rh-mariadb103-galera and rh-mariadb103-mariadb security and bug fix update

An update for rh-mariadb103-galera and rh-mariadb103-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

RHSA-2022:6306: Red Hat Security Advisory: rh-mariadb103-galera and rh-mariadb103-mariadb security and bug fix update

An update for rh-mariadb103-galera and rh-mariadb103-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

RHSA-2022:6306: Red Hat Security Advisory: rh-mariadb103-galera and rh-mariadb103-mariadb security and bug fix update

An update for rh-mariadb103-galera and rh-mariadb103-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

RHSA-2022:6306: Red Hat Security Advisory: rh-mariadb103-galera and rh-mariadb103-mariadb security and bug fix update

An update for rh-mariadb103-galera and rh-mariadb103-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

CVE-2022-2892

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.

CVE-2022-2898

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.

CVE-2022-2866

FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution.

CVE-2022-1271: Invalid Bug ID

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

CVE-2022-1404

Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.

Kernel Live Patch Security Notice LSN-0089-1

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.

CVE-2022-1043: io_uring: fix xa_alloc_cycle() error return value check · torvalds/linux@a30f895

A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.

CVE-2022-2959: ZDI-22-1165

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.

CVE-2022-2991: ZDI-22-960

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.

Ubuntu Security Notice USN-5582-1

Ubuntu Security Notice 5582-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5582-1

Ubuntu Security Notice 5582-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE-2022-32427: Security Bulletin | Printerlogic

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.

CVE-2022-32793: About the security content of macOS Monterey 12.5

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

CVE-2022-32811: About the security content of macOS Big Sur 11.6.8

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32793: About the security content of macOS Monterey 12.5

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

GHSA-mw9h-hcp7-fgc6: Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.

CVE-2022-33916: Home Page - OPC Foundation

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

CISA wants you to patch these actively exploited vulnerabilities before September 8

Categories: Exploits and vulnerabilities Categories: News CISA updated its catalog of actively exploited vulnerabilities. Make sure you update your software before the due date! (Read more...) The post CISA wants you to patch these actively exploited vulnerabilities before September 8 appeared first on Malwarebytes Labs.

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a critical SAP security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The issue in question is CVE-2022-22536, which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch

Advantech iView NetworkServlet Command Injection

Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file to the mysqldump command. The sanitization functionality only tests for SQL injection attempts and directory traversal, so leveraging the -r and -w mysqldump flags permits exploitation. The command injection vulnerability is used to write a payload on the target and achieve remote code execution as NT AUTHORITY\SYSTEM.

CVE-2022-2547

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

Ubuntu Security Notice USN-5568-1

Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Gentoo Linux Security Advisory 202208-20

Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.

CVE-2021-29118: ArcReader General Data Frame Security Update

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user.

CVE-2021-29118: ArcReader General Data Frame Security Update

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user.

CVE-2021-29118: ArcReader General Data Frame Security Update

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user.

Ubuntu Security Notice USN-5567-1

Ubuntu Security Notice 5567-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5566-1

Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5565-1

Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5565-1

Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5564-1

Ubuntu Security Notice 5564-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE-2022-35677: Adobe Security Bulletin

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35677: Adobe Security Bulletin

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35677: Adobe Security Bulletin

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34260: Adobe Security Bulletin

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35677: Adobe Security Bulletin

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34260: Adobe Security Bulletin

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34260: Adobe Security Bulletin

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35677: Adobe Security Bulletin

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35677: Adobe Security Bulletin

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35677: Adobe Security Bulletin

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34260: Adobe Security Bulletin

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-35667: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-37024: Security Updates - CVE-2022-37024 | ManageEngine OpManager

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.

CVE-2022-36923: Security Updates - CVE-2022-36923 | ManageEngine OpManager

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

CVE-2022-25793: Security Advisories | Autodesk Trust Center

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.

Ubuntu Security Notice USN-5562-1

Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5562-1

Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-2

Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-1

Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-1

Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Gentoo Linux Security Advisory 202208-14

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

Gentoo Linux Security Advisory 202208-14

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

Gentoo Linux Security Advisory 202208-08

Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.

Cisco router flaw gives patient attackers full access to small business networks

Vulnerable path is reachable just once a day, but patches still need to be implemented as a matter of priority

CVE-2022-20841: Cisco Security Advisory: Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months.   This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June.   In all, August’s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.”  Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited. Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2...

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months.   This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June.   In all, August’s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.”  Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited. Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2...

Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months.   This batch of updates also includes a fix for a new vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that’s actively being exploited in the wild, according to Microsoft. MSDT was already the target of the so-called “Follina” zero-day vulnerability in June.   In all, August’s Patch Tuesday includes 15 critical vulnerabilities and a single low- and moderate-severity issue. The remainder is classified as “important.”  Two of the important vulnerabilities CVE-2022-35743 and CVE-2022-34713 are remote code execution vulnerabilities in MSDT. However, only CVE-2022-34713 has been exploited in the wild and Microsoft considers it “more likely” to be exploited. Microsoft Exchange Server contains two critical elevation of privilege vulnerabilities, CVE-2...

CVE-2022-34699

Windows Win32k Elevation of Privilege Vulnerability.

CVE-2022-34691

Active Directory Domain Services Elevation of Privilege Vulnerability.

CVE-2022-34703

Windows Partition Management Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33670.

CVE-2022-33670

Windows Partition Management Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34703.

CVE-2022-35820

Windows Bluetooth Driver Elevation of Privilege Vulnerability.

CVE-2022-30194

Windows WebBrowser Control Remote Code Execution Vulnerability.

RHSA-2022:5948: Red Hat Security Advisory: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via cert...

RHSA-2022:5948: Red Hat Security Advisory: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via cert...

RHSA-2022:5948: Red Hat Security Advisory: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via cert...

RHSA-2022:5948: Red Hat Security Advisory: galera, mariadb, and mysql-selinux security, bug fix, and enhancement update

An update for galera, mariadb, and mysql-selinux is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via cert...

Patch now! Cisco VPN routers are vulnerable to remote control

Cisco has released a security advisory about some serious security vulnerabilities in multiple Cisco small business VPN routers. The post Patch now! Cisco VPN routers are vulnerable to remote control appeared first on Malwarebytes Labs.

Patch now! Cisco VPN routers are vulnerable to remote control

Categories: Exploits and vulnerabilities Categories: News Tags: Cisco Tags: VPN routers Tags: CVE-2022-20842 Tags: CVE-2022-20827 Tags: CVE-2022-20841 Tags: input validation Cisco has released a security advisory about some serious security vulnerabilities in multiple Cisco small business VPN routers. (Read more...) The post Patch now! Cisco VPN routers are vulnerable to remote control appeared first on Malwarebytes Labs.

Red Hat Security Advisory 2022-5905-01

Red Hat Security Advisory 2022-5905-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include an out of bounds access vulnerability.

Red Hat Security Advisory 2022-5905-01

Red Hat Security Advisory 2022-5905-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include an out of bounds access vulnerability.

RHSA-2022:5905: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

RHSA-2022:5905: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2319: xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access * CVE-2022-2320: xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8)

CVE-2022-28668: ZDI-22-622

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679.

CVE-2022-35864: ZDI-22-967

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.

CVE-2022-2272: ZDI-22-955

This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331.

CVE-2022-35866: ZDI-22-959

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.

CVE-2022-28684: ZDI-22-872

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710.

CVE-2022-35865: ZDI-22-968

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.

CVE-2022-35867: ZDI-22-949

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.

CVE-2022-34871: Centreon Core | Centreon Documentation

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335.

CVE-2022-32293: [PATCH 3/6] wispr: Add reference counter to portal context

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

CVE-2022-32292: Invalid Bug ID

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

RHSA-2022:5826: Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

RHSA-2022:5826: Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

RHSA-2022:5826: Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

RHSA-2022:5826: Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update

An update for the mariadb:10.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT ...

CVE-2022-35234: Security Bulletin: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.

CVE-2022-36336: ZDI-22-1033

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.

CVE-2022-33158: Security Bulletin: Trend Micro VPN Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.

CVE-2022-33881: Security Advisories | Autodesk Trust Center

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

RHSA-2022:5759: Red Hat Security Advisory: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update

An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

RHSA-2022:5759: Red Hat Security Advisory: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update

An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

RHSA-2022:5759: Red Hat Security Advisory: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update

An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

RHSA-2022:5759: Red Hat Security Advisory: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update

An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46659: mariadb: Crash executing query with VIEW, aggregate and subquery * CVE-2021-46661: mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE) * CVE-2021-46663: mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application ...

CVE-2022-35869: ZDI-22-1016

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211.

CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949.

CVE-2022-35870: ZDI-22-1017

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265.

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

Apple Security Advisory 2022-07-20-7

Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.

Apple Security Advisory 2022-07-20-6

Apple Security Advisory 2022-07-20-6 - watchOS 8.7 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-07-20-5

Apple Security Advisory 2022-07-20-5 - tvOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-07-20-4

Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.

Apple Security Advisory 2022-07-20-3

Apple Security Advisory 2022-07-20-3 - macOS Big Sur 11.6.8 addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.

Apple Security Advisory 2022-07-20-2

Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-07-20-2

Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Apple Security Advisory 2022-07-20-1

Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

CVE-2022-2143

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is

CVE-2022-29834: JVNVU#96480474: 三菱電機製GENESIS64およびMC Works64における複数の脆弱性

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

CVE-2022-29834: JVNVU#96480474: 三菱電機製GENESIS64およびMC Works64における複数の脆弱性

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

CVE-2022-29834: JVNVU#96480474: 三菱電機製GENESIS64およびMC Works64における複数の脆弱性

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

CVE-2022-29834: JVNVU#96480474: 三菱電機製GENESIS64およびMC Works64における複数の脆弱性

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

CVE-2022-29834: JVNVU#96480474: 三菱電機製GENESIS64およびMC Works64における複数の脆弱性

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

CVE-2022-29834: JVNVU#96480474: 三菱電機製GENESIS64およびMC Works64における複数の脆弱性

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

CVE-2022-29834: JVNVU#96480474: 三菱電機製GENESIS64およびMC Works64における複数の脆弱性

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen.

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

CVE-2022-28677: ZDI-22-768

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16663.

CVE-2022-28683: ZDI-22-774

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16828.

CVE-2022-28682: ZDI-22-773

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16778.

CVE-2022-34874: ZDI-22-951

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17474.

CVE-2022-34875: ZDI-22-950

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16981.

CVE-2022-28669: ZDI-22-760

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16420.

CVE-2022-34873: ZDI-22-952

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16777.

CVE-2022-28670: ZDI-22-761

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. Crafted data in an AcroForm can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16523.

CVE-2022-28671: ZDI-22-762

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16639.

CVE-2022-28679: ZDI-22-770

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16861.

CVE-2022-28672: ZDI-22-763

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16640.

CVE-2022-28681: ZDI-22-772

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16825.

CVE-2022-28673: ZDI-22-764

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16641.

CVE-2022-28674: ZDI-22-765

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16644.

CVE-2022-28678: ZDI-22-769

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16805.

CVE-2022-28675: ZDI-22-766

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16642.

CVE-2022-28676: ZDI-22-767

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16643.

CVE-2022-28680: ZDI-22-771

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16821.

CVE-2022-34902: KB Parallels: Parallels Access Security Updates

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Desktop Control Agent service. The service loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-15787.

CVE-2022-34891: ZDI-22-942

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16395.

CVE-2022-34890: ZDI-22-941

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16653.

CVE-2022-34889: ZDI-22-940

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ACPI virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-16554.

CVE-2022-34892: KB Parallels: Parallels Desktop Security Updates

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update machanism. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-16396.

CVE-2022-28809: ODA Security Advisories | Open Design Alliance

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-28809: ODA Security Advisories | Open Design Alliance

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-27934: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

CVE-2022-27937: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2021-34986: ZDI-22-385

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13932.

CVE-2021-34987: ZDI-22-386

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the HDAudio virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-14969.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34244: Adobe Security Bulletin

Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34244: Adobe Security Bulletin

Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34242: Adobe Security Bulletin

Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34242: Adobe Security Bulletin

Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-34239: Adobe Security Bulletin

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Ubuntu Security Notice USN-5510-2

Ubuntu Security Notice 5510-2 - USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

Ubuntu Security Notice USN-5510-2

Ubuntu Security Notice 5510-2 - USN-5510-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

CVE-2022-22034

Windows Graphics Component Elevation of Privilege Vulnerability.

Ubuntu Security Notice USN-5510-1

Ubuntu Security Notice 5510-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

Ubuntu Security Notice USN-5510-1

Ubuntu Security Notice 5510-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

Microsoft Patch Tuesday for July 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Tiago Pereira.  Microsoft released its monthly security update Tuesday, disclosing more than 80 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild.  July's security update... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-34465

A vulnerability has been identified in Parasolid V33.1 (All versions), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap (All versions). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420)

CVE-2022-34748

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293)

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

Red Hat Security Advisory 2022-5189-01

Red Hat Security Advisory 2022-5189-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

CVE-2022-27868: Security Advisories | Autodesk Trust Center

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27869: Security Advisories | Autodesk Trust Center

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.

CVE-2022-27867: Security Advisories | Autodesk Trust Center

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27869: Security Advisories | Autodesk Trust Center

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.

CVE-2022-27867: Security Advisories | Autodesk Trust Center

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27868: Security Advisories | Autodesk Trust Center

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27869: Security Advisories | Autodesk Trust Center

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.

CVE-2022-27867: Security Advisories | Autodesk Trust Center

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27868: Security Advisories | Autodesk Trust Center

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27868: Security Advisories | Autodesk Trust Center

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27868: Security Advisories | Autodesk Trust Center

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27868: Security Advisories | Autodesk Trust Center

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27868: Security Advisories | Autodesk Trust Center

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVE-2022-27869: Security Advisories | Autodesk Trust Center

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.

Red Hat Security Advisory 2022-5052-01

Red Hat Security Advisory 2022-5052-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Red Hat Security Advisory 2022-4992-01

Red Hat Security Advisory 2022-4992-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Red Hat Security Advisory 2022-4993-01

Red Hat Security Advisory 2022-4993-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

Red Hat Security Advisory 2022-4994-01

Red Hat Security Advisory 2022-4994-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

GHSA-vhfw-v69p-crcw: Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua

A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks.

GHSA-fvxf-r9fw-49pc: Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua

A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client or server to bypass the application authentication mechanism and allow a connection to an untrusted peer.

GHSA-6fp8-cxc9-4fr9: Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua

A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30664: Adobe Security Bulletin

Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27532: Security Advisories | Autodesk Trust Center

A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.

CVE-2022-30157

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-30669: Adobe Security Bulletin

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28749: Security Bulletin

Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-42735: Adobe Security Bulletin

Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28850: Adobe Security Bulletin

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-31219

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.

Microsoft Patch Tuesday for June 2022 — Snort rules and prominent vulnerabilities

By Chetan Raghuprasad. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered "moderate."  The most... [[ This is only the beginning! Please visit the blog for the complete entry ]]

RHSA-2022:4991: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

CVE-2022-30703: Security Bulletin: Trend Micro Security Exposed Dangerous Method Information Disclosure Vulnerability

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation.

CVE-2022-30702: Security Bulletin: Trend Micro Security Out-Of-Bounds Read Information Disclosure Vulnerability

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.

Red Hat Security Advisory 2022-4940-01

Red Hat Security Advisory 2022-4940-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.

CVE-2022-29085: DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVE-2022-29483

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

CVE-2022-1660

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.

MyBB Admin Control Remote Code Execution

This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a new setting, injecting the payload in the vulnerable field, and triggers its execution with a second request. Finally, it takes care of cleaning up and removes the setting. Note that authentication is required for this exploit to work and the account must have rights to add or update settings (typically, the myBB administrator role).

Red Hat Security Advisory 2022-4769-01

Red Hat Security Advisory 2022-4769-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

Red Hat Security Advisory 2022-4770-01

Red Hat Security Advisory 2022-4770-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

Red Hat Security Advisory 2022-4766-01

Red Hat Security Advisory 2022-4766-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

Red Hat Security Advisory 2022-4776-01

Red Hat Security Advisory 2022-4776-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

RHSA-2022:4776: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

RHSA-2022:4776: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

RHSA-2022:4765: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

RHSA-2022:4772: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

RHSA-2022:4766: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

RHSA-2022:4770: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

Red Hat Security Advisory 2022-4774-01

Red Hat Security Advisory 2022-4774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

Red Hat Security Advisory 2022-4773-01

Red Hat Security Advisory 2022-4773-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

Firefox, Thunderbird, receive patches for critical security issues

Critical updates have been released for both Firefox and Thunderbird. Apply now if you haven't already—we explain how. The post Firefox, Thunderbird, receive patches for critical security issues appeared first on Malwarebytes Labs.

RHSA-2022:4767: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

CVE-2022-30701: DCX

An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-30687: ZDI-22-789

Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product’s secure erase feature to delete arbitrary files.

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch […]

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch […]

CVE-2022-26774: About the security content of iTunes 12.12.4 for Windows

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

CVE-2022-26774: About the security content of iTunes 12.12.4 for Windows

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26724: About the security content of tvOS 15.5

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26738: About the security content of macOS Monterey 12.4

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-22676: About the security content of macOS Monterey 12.2

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVE-2022-22676: About the security content of macOS Monterey 12.2

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-22676: About the security content of macOS Monterey 12.2

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.

CVE-2022-22676: About the security content of macOS Monterey 12.2

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched

The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the project said in an

Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched

The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the project said in an

Red Hat Security Advisory 2022-4729-01

Red Hat Security Advisory 2022-4729-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.1 ESR.

Red Hat Security Advisory 2022-4730-01

Red Hat Security Advisory 2022-4730-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code. Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 and 8.1 in severity. Ivan Fratric of Google

CVE-2021-32969

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.

RHSA-2022:4729: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1529: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * CVE-2022-1802: Mozilla: Prototype pollution in Top-Level Await implementation

Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

CVE-2022-27653

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15594)

CVE-2022-30551: GitHub - OPCFoundation/UA-Java-Legacy: This repository is provided by OPC Foundation as legacy support for an Java version for OPC UA.

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.

CVE-2022-30138

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104, CVE-2022-29132.

CVE-2022-22784: Security Bulletin

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

RHSA-2022:4582: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability

CVE-2022-1118

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-1

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

CVE-2022-30523: Security Bulletin: Trend Micro Password Manager Link Following Privilege Escalation Vulnerability

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28830: Adobe Security Bulletin

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory

CVE-2022-28819: Adobe Security Bulletin

Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.

Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

By Waqas The latest edition of Patch Tuesday offers fixes for 7 critical flaws, including 5 RCE (remote code execution)… This is a post from HackRead.com Read the original post: Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

By Waqas The latest edition of Patch Tuesday offers fixes for 7 critical flaws, including 5 RCE (remote code execution)… This is a post from HackRead.com Read the original post: Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

RHSA-2022:2216: Red Hat Security Advisory: Red Hat OpenShift Logging Security and Bug update Release 5.4.1

Logging Subsystem 5.4.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way * CVE-2021-43797: netty: control chars in header names may lead to HTTP request smuggling * CVE-2022-21698: prometheus/client_golang: Denial of service u...

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-27789: Adobe Security Bulletin

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-24101: Adobe Security Bulletin

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

CVE-2022-26927

Windows Graphics Component Remote Code Execution Vulnerability.

CVE-2022-29104

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29132.

CVE-2022-29140

Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29114.

CVE-2022-26923

Active Directory Domain Services Elevation of Privilege Vulnerability.

CVE-2022-29140

Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29114.

CVE-2022-29148

Visual Studio Remote Code Execution Vulnerability.

CVE-2022-29114

Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29140.

CVE-2022-29148

Visual Studio Remote Code Execution Vulnerability.

CVE-2022-29105

Microsoft Windows Media Foundation Remote Code Execution Vulnerability.

Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Jaeson Schultz.  Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Jaeson Schultz.  Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Jaeson Schultz.  Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-28279: Adobe Security Bulletin

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-0556

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.

CVE-2022-25959

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.

CVE-2022-22995: WDC-22005 Netatalk Security Vulnerabilities | Western Digital

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22583: About the security content of Security Update 2022-001 Catalina

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-24734: Version 1.8.30 - MyBB

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.

CVE-2022-24509

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2022-24510

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24052: Security Vulnerabilities Fixed in MariaDB

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.

CVE-2022-24050: ZDI-22-364

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.

CVE-2022-24048: ZDI-22-363

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

CVE-2022-24063: ZDI-22-255

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15105.

CVE-2022-20707: Cisco Security Advisory: Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-22539

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-35005: August Updates - Security Patches

This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-44705: Adobe Security Bulletin

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-22990: WDC-22002 My Cloud OS 5 Firmware 5.19.117 | Western Digital

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

CVE-2021-40161: Security Advisories | Autodesk Trust Center

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

CVE-2021-40783: Adobe Security Bulletin

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

CVE-2021-44790: Apache HTTP Server 2.4 vulnerabilities

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVE-2021-43238

Windows Remote Access Elevation of Privilege Vulnerability

CVE-2021-43237

Windows Setup Elevation of Privilege Vulnerability

CVE-2021-34859: August Updates - Security Patches

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.

CVE-2021-30844: About the security content of macOS Big Sur 11.6

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

CVE-2021-30844: About the security content of macOS Big Sur 11.6

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

CVE-2021-31006: About the security content of tvOS 14.7

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.

CVE-2021-30928: About the security content of iOS 15 and iPadOS 15

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-30972: About the security content of macOS Big Sur 11.6.3

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences.

CVE-2021-30928: About the security content of iOS 15 and iPadOS 15

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-30903: About the security content of iOS 14.8.1 and iPadOS 14.8.1

This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2021-30935: About the security content of macOS Big Sur 11.6.2

A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30972: About the security content of macOS Big Sur 11.6.3

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences.

CVE-2021-30957: About the security content of watchOS 8.3

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2021-30956: About the security content of iOS 15.2 and iPadOS 15.2

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information.

CVE-2021-30977: About the security content of macOS Monterey 12.1

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30999: About the security content of iOS 14.6 and iPadOS 14.6

The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history.

CVE-2021-30913: About the security content of macOS Monterey 12.0.1

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables.

CVE-2021-30935: About the security content of macOS Big Sur 11.6.2

A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30957: About the security content of watchOS 8.3

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2021-30956: About the security content of iOS 15.2 and iPadOS 15.2

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information.

CVE-2021-30906: About the security content of tvOS 15.1

This issue was addressed with improved checks. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. A local attacker may be able to elevate their privileges.

CVE-2021-30977: About the security content of macOS Monterey 12.1

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30935: About the security content of macOS Big Sur 11.6.2

A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30956: About the security content of iOS 15.2 and iPadOS 15.2

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information.

CVE-2021-30977: About the security content of macOS Monterey 12.1

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30922: About the security content of macOS Big Sur 11.6.1

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-27040: Security Advisories | Autodesk Trust Center

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.

CVE-2020-11987: The Apache(tm) XML Graphics Project

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CVE-2020-9490: Apache HTTP Server 2.4 vulnerabilities

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907