This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
ZDI-22-1006: Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1005: Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1004: Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1003: Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1002: Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1011: Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1010: Autodesk AutoCAD PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
USN-5518-1: Linux kernel vulnerabilities
It was discovered that the eBPF implementation in the Linux kernel did not
properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A
privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-0500)
It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system) or execute
arbitrary code. (CVE-2022-1734)
Yongkang Jia discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle guest TLB mapping invalidation requests in
some situations. An attacker in a guest VM could use this to cause a denial
of service in the host OS (system crash). (CVE-2022-1789)
Duoming Zhou discovered a race condition in the NFC subsystem in the Linux
kernel, leading to a use-after-free vulnerability. A privileged local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-1974)
Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not
properly prevent context switches from occurring during certain atomic
context operations. A privileged local attacker could use this to cause a
denial of service (system crash). (CVE-2022-1975)
Minh Yuan discovered that the floppy driver in the Linux kernel contained a
race condition in some situations, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-33981)
USN-5517-1: Linux kernel (OEM) vulnerabilities
It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)
It was discovered that the virtio RPMSG bus driver in the Linux kernel
contained a double-free vulnerability in certain error conditions. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-34494)