Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Base Score: 7.8 HIGH
https://helpx.adobe.com/security/products/indesign/apsb23-07.html
_____________________________________________________________________
Description
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Base Score: 7.8 HIGH
https://helpx.adobe.com/security/products/indesign/apsb23-07.html
__________________________________________________________
Description
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Base Score: 7.8 HIGH
https://helpx.adobe.com/security/products/indesign/apsb23-07.html
_____________________________________________________________
Description
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Base Score: 7.3 HIGH
https://helpx.adobe.com/security/products/incopy/apsb23-08.html
CVE-2022-4328 Description The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server Base Score: 9.8 CRITICAL https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
CVE-2022-4043 Description The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. Base Score: 7.2 HIGH https://wpscan.com/vulnerability/ffff8c83-0a59-450a-9b40-c7f3af7205fc __________________________________ CVE-2022-3679 Description The Starter Templates by Kadence WP WordPress plugin before 1.2.17 […]
CVE-2021-3120 Description An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift […]
Leave a Reply