Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Category Archives: Advisories
USN-5179-2: BusyBox vulnerability
USN-5179-1 fixed vulnerabilities in BusyBox. This update provides the
corresponding updates for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-28831)
rubygem-nokogiri-1.11.7-3.fc34
FEDORA-2022-0e5d64ce65
Packages in this update:
rubygem-nokogiri-1.11.7-3.fc34
Update description:
This rpm backports the patch for the issue for improper handling of unexpected data types, related to untrusted inputs to the SAX parsers, which is assigned as CVE-2022-29181
rubygem-nokogiri-1.13.1-3.fc35
FEDORA-2022-e9b2e1c1ac
Packages in this update:
rubygem-nokogiri-1.13.1-3.fc35
Update description:
This rpm backports the patch for the issue for improper handling of unexpected data types, related to untrusted inputs to the SAX parsers, which is assigned as CVE-2022-29181
rubygem-nokogiri-1.13.6-1.fc36
FEDORA-2022-0071328464
Packages in this update:
rubygem-nokogiri-1.13.6-1.fc36
Update description:
New version 1.13.6 is released. This rpm addresses the issue for improper handling of unexpected data types, related to untrusted inputs to the SAX parsers, which is assigned as CVE-2022-29181
New version 1.13.5 is released.
ZDI-22-756: Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-755: Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-754: Adobe Acrobat Pro DC Doc buttonSetIcon Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-753: Adobe Acrobat Pro DC Doc flattenPages Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-752: Adobe Character Animator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Character Animator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.