CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-42525
https://notcve.org/view.php?id=CVE-2023-42525
18 Sep 2023 — Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. Ciertos productos WithSecure permi... • https://www.withsecure.com/en/support/security-advisories • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 2CVE-2023-4973 – Academy LMS GET Parameter filter cross site scripting
https://notcve.org/view.php?id=CVE-2023-4973
15 Sep 2023 — A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. • https://packetstorm.news/files/id/174680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 4CVE-2022-47631 – Razer Synapse Race Condition / DLL Hijacking
https://notcve.org/view.php?id=CVE-2022-47631
14 Sep 2023 — Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL... • https://packetstorm.news/files/id/174696 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3280 – Cortex XDR Agent: Local Windows User Can Disable the Agent
https://notcve.org/view.php?id=CVE-2023-3280
13 Sep 2023 — A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. Un problema con un mecanismo de protección en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un usuario local desactivar el agente. • https://security.paloaltonetworks.com/CVE-2023-3280 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 5%CPEs: 6EXPL: 0CVE-2023-26369 – Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-26369
13 Sep 2023 — Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones de Acrobat Reader 23.003.20284 (y anteriores), 20.005.30516 (y anteriores) y 20.005.30514 (y anteriores) se ven afectadas por una vulnerabilidad de Escritu... • https://helpx.adobe.com/security/products/acrobat/apsb23-34.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 2CVE-2023-38039 – curl: out of heap memory issue due to missing limit on header quantity
https://notcve.org/view.php?id=CVE-2023-38039
13 Sep 2023 — When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. Cuando curl recupera una respuesta HTTP, almacena los encabezados entrantes para que se pueda acceder a ellos más tarde a través de la API de encabezados libcur... • https://github.com/Smartkeyss/CVE-2023-38039 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2023-36788 – .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36788
12 Sep 2023 — .NET Framework Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código de .NET Framework • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788 •
CVSS: 7.8EPSS: 0%CPEs: 47EXPL: 0CVE-2023-36792 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36792
12 Sep 2023 — Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Códigode Visual Studio • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2023-36793 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36793
12 Sep 2023 — Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código de Visual Studio • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2023-36794 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36794
12 Sep 2023 — Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código de Visual Studio • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 • CWE-191: Integer Underflow (Wrap or Wraparound) •