Topic

PHP

A collection of 32 issues

CVE-2022-39220 SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are vulnerable to Cross-site scripting (XSS) attacks due to a WebClient bug. An update is available.

SFTPGo is susceptible to Cross-site scripting (XSS) vulnerabilities in the WebClient component. According to the vendor, these vulnerabilities have been fixed in version 2.3.5. No known workarounds exist. SFTPGo is susceptible to Cross-site scripting (XSS) vulnerabilities in the WebClient component. According to the vendor, these vulnerabilities have been
2 min read

CVE-2022-38402 Adobe InCopy versions 17.3 and earlier are vulnerable to a Heap-based Buffer Overflow that could give remote code execution to the user who runs the affected application.

In the majority of cases, InCopy will close the file before the user has a chance to open it. This prevents InCopy from being exploited. However, in the event that a user were to open a malicious file, an attacker could leverage other vulnerabilities to exploit InCopy. CVE-2018-5704: Heap-Based Buffer
1 min read

CVE-2022-38401 Adobe InCopy versions 17.3 and earlier are vulnerable to a Heap-based Buffer Overflow that could give remote code execution to the user who runs the affected application.

In the majority of cases, InCopy will close the file before the user has a chance to open it. This prevents InCopy from being exploited. However, in the event that a user were to open a malicious file, an attacker could leverage other vulnerabilities to exploit InCopy. CVE-2018-5704: Heap-Based Buffer
1 min read
Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe