CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46223 – Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46223
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2023-48676
https://notcve.org/view.php?id=CVE-2023-48676
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943. Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilación 36943. • https://security-advisory.acronis.com/advisories/SEC-5905 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6407 – Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6407
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. Existe una vulnerabilidad CWE-22: limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría causar la eliminación arbitraria de archivos al reiniciar el servicio cuando un atacante local y con pocos privilegios accede a él. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the deletePdfReportFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41151
https://notcve.org/view.php?id=CVE-2023-41151
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. Un problema de excepción no detectado descubierto en Softing OPC UA C++ SDK anterior a 6.30 para el sistema operativo Windows puede causar que la aplicación falle cuando el servidor quiere enviar un paquete de error, mientras el socket está bloqueado al escribir. • https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48633 – ZDI-CAN-22173: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-48633
Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.0.3 (y anteriores) y 23.6.0 (y anteriores) de Adobe After Effects se ven afectadas por una vulnerabilidad Use After Free que podría provocar la ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere la interacción del usuario, ya que la víctima debe abrir un archivo malicioso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. • https://helpx.adobe.com/security/products/after_effects/apsb23-75.html • CWE-416: Use After Free •