Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

Apple Security Advisory 2022-07-20-2

Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

Packet Storm
Open in Source
#vulnerability#web#mac#windows#apple#dos#js#git#intel#pdf#auth#webkit#wifi
CVE-2022-34503: heap-buffer-overflow in `QPDF::processXRefStream` found by ASAN · Issue #701 · qpdf/qpdf

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

CVE-2022-36131

The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.

CVE-2022-2478: Chromium: CVE-2022-2478 Use after free in PDF

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.

IOTransfer 4.0 Remote Code Execution

IOTransfer version 4.0 suffers from a remote code execution vulnerability.

Microsoft Office Most Exploited Software in Malware Attacks – Report

By Deeba Ahmed Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its… This is a post from HackRead.com Read the original post: Microsoft Office Most Exploited Software in Malware Attacks – Report

CVE-2022-31475: GiveWP – Donation Plugin and Fundraising Platform

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

CVE-2022-30337: WP Meta SEO

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings.

CVE-2022-0902

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.