Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
// weekly digest
// weekly digest
// weekly digest
2021-11-15 00:00 UTC 2021-11-21 23:59 UTC
// total
0
// critical
0
// high
0
// medium
0
// low
0
// new kev
4
// top critical
No CRITICAL CVEs published this week.
// top high
No HIGH CVEs published this week.
// new kev additions
Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Unspecified vulnerability allows for an authenticated user to escalate privileges.
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.