CVSS: 10.0EPSS: 1%CPEs: 19EXPL: 0CVE-2023-44353 – ColdFusion WDDX Deserialization Gadgets
https://notcve.org/view.php?id=CVE-2023-44353
17 Nov 2023 — Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2023-44350 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2023-44350
17 Nov 2023 — Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-6016 – H2O Remote Code Execution via POJO Model Import
https://notcve.org/view.php?id=CVE-2023-6016
16 Nov 2023 — An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. Un atacante puede obtener la ejecución remota de código en un servidor que aloja el panel de H2O a través de su función de importación de modelo POJO. • https://huntr.com/bounties/83dd17ec-053e-453c-befb-7d6736bf1836 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-44330 – Adobe Photoshop 2023 CC 24.7 Memory Corruption Vulnerability III.
https://notcve.org/view.php?id=CVE-2023-44330
16 Nov 2023 — Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb23-56.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 45%CPEs: 8EXPL: 0CVE-2023-44371 – ZDI-CAN-21998: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44371
16 Nov 2023 — Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2023-44336 – TALOS-2023-1794 - Adobe Acrobat Reader Thermometer use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2023-44336
16 Nov 2023 — Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-44372 – TALOS-2023-1842 - Adobe Acrobat Reader U3D page event use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2023-44372
16 Nov 2023 — Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32469
https://notcve.org/view.php?id=CVE-2023-32469
16 Nov 2023 — A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47003
https://notcve.org/view.php?id=CVE-2023-47003
16 Nov 2023 — An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. Un problema en RedisGraph v.2.12.10 permite a un atacante ejecutar código arbitrario y provocar una denegación de servicio a través de una cadena manipulada en DataBlock_ItemIsDeleted. • https://github.com/RedisGraph/RedisGraph/issues/3063 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2023-47042 – ZDI-CAN-21696: Adobe Media Encoder MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-47042
15 Nov 2023 — Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •