Category Archives: Advisories

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used

July 7, 2022

Read Time:25 Second

Posted by Aki Tuomi via Fulldisclosure on Jul 06

Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

Vulnerability Details:
When two passdb…

Advisories

ZDI-22-952: Foxit PDF Reader Annotation modDate Out-Of-Bounds Read Information Disclosure Vulnerability

July 7, 2022

Read Time:12 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-951: Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability

July 7, 2022

Read Time:12 Second

Advisories

ZDI-22-950: Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability

July 7, 2022

Read Time:12 Second

Advisories

ZDI-22-958: SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

July 7, 2022

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-957: SAP 3D Visual Enterprise Viewer BPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

July 7, 2022

Read Time:12 Second

Advisories

ZDI-22-956: SAP 3D Visual Enterprise Viewer HDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

July 7, 2022

Read Time:12 Second

Advisories

ZDI-22-955: Sante PACS Server SQL Injection Authentication Bypass Vulnerability

July 7, 2022

Read Time:7 Second

This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-954: Centreon Virtual Metrics SQL Injection Information Disclosure Vulnerability

July 7, 2022

Read Time:6 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability.

Advisories

ZDI-22-953: Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability

July 7, 2022

Read Time:6 Second

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability.

Cyber Security News

Category Archives: Advisories

CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used

ZDI-22-952: Foxit PDF Reader Annotation modDate Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-951: Foxit PDF Reader Doc Object color Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-950: Foxit PDF Reader newConnection Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-958: SAP 3D Visual Enterprise Viewer EPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-22-957: SAP 3D Visual Enterprise Viewer BPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-22-956: SAP 3D Visual Enterprise Viewer HDR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-22-955: Sante PACS Server SQL Injection Authentication Bypass Vulnerability

ZDI-22-954: Centreon Virtual Metrics SQL Injection Information Disclosure Vulnerability

ZDI-22-953: Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability

News, Advisories and much more