CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-27470
https://notcve.org/view.php?id=CVE-2023-27470
11 Sep 2023 — BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. BASupSrvcUpdater.exe en N-able Take Control Agent hasta 7.0.41.1141 anterior a 7.0.43 tiene una Condición de Ejecución TOCTOU a través de un pseudoenlace simbólico en %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, lo que lleva a la eliminación arbitraria de archivos. • https://github.com/3lp4tr0n/CVE-2023-27470_Exercise • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-40723 – Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-40723
07 Sep 2023 — Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2020.013.20074 (y anteriores), 2020.001.30018 (y anteriores) y 2017.011.30188 (y anteri... • https://helpx.adobe.com/security/products/acrobat/apsb21-09.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0925 – Software AG webMethods OneData Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2023-0925
06 Sep 2023 — Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality ... • https://www.softwareag.com/en_corporate/platform/integration-apis/webmethods-integration.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-39859 – Use After Free Adobe Acrobat Pro DC [HB-21-0339]
https://notcve.org/view.php?id=CVE-2021-39859
06 Sep 2023 — Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2021.005.20060 (y anteriores), 2020.004.30006 (y anteriores) y 2017.011.30199 (y anteriores) de Acrob... • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36060 – Adobe Media Encoder MPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-36060
06 Sep 2023 — Adobe Media Encoder version 15.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe Media Encoder versión 15.2 (y anteriores) está afectado por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria sensible. Un atacant... • https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-35980 – Adobe Acrobat Reader SpellDictionaryExport Path Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35980
06 Sep 2023 — Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores) y 2017.011.30197 (y anteriores) de Acr... • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28644 – Adobe Acrobat SpellDictionaryCreate Path Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28644
06 Sep 2023 — Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores) y 2017.011.30197 (y anteriores) de Acr... • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31132 – Cacti Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-31132
05 Sep 2023 — Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. • https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4688
https://notcve.org/view.php?id=CVE-2023-4688
31 Aug 2023 — Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. Se filtra información confidencial a través de archivos de registro. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilación 35433. • https://security-advisory.acronis.com/advisories/SEC-5782 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41751
https://notcve.org/view.php?id=CVE-2023-41751
31 Aug 2023 — Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047. Divulgación de información confidencial debido a una validación inadecuada de la caducidad del token. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilación 32047. • https://security-advisory.acronis.com/advisories/SEC-5615 • CWE-287: Improper Authentication •