
CVSS: 7.8 • EPSS: 0% • CPEs: 22 • EXPL: 0

16 Oct 2023 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253440 • CWE-20: Improper Input Validation

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Oct 2023 — Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/bridge/apsb23-49.html • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Oct 2023 — Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/bridge/apsb23-49.html • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

11 Oct 2023 — Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/photoshop/apsb23-51.html • CWE-824: Access of Uninitialized Pointer

CVSS: 9.8 • EPSS: 0% • CPEs: 14 • EXPL: 9

11 Oct 2023 — This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong ... • https://github.com/d0rb/CVE-2023-38545 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 22 • EXPL: 0

10 Oct 2023 — Windows MSHTML Platform Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436

CVSS: 7.8 • EPSS: 0% • CPEs: 16 • EXPL: 0

10 Oct 2023 — Win32k Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743 • CWE-416: Use After Free

CVSS: 7.0 • EPSS: 0% • CPEs: 14 • EXPL: 0

10 Oct 2023 — Win32k Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Oct 2023 — Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790 • CWE-284: Improper Access Control

CVSS: 8.8 • EPSS: 0% • CPEs: 10 • EXPL: 0

10 Oct 2023 — Windows Graphics Component Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of GPU mapped memory. The issue results from the lack of proper locking when perfor... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-591: Sensitive Data Storage in Improperly Locked Memory