CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-47047 – ZDI-CAN-21685: Adobe Audition MP4 File Parsing Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-47047
15 Nov 2023 — Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/audition/apsb23-64.html • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 45%CPEs: 8EXPL: 0CVE-2023-44359 – ZDI-CAN-21936: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44359
15 Nov 2023 — Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm • CWE-416: Use After Free •
CVSS: 7.8EPSS: 45%CPEs: 8EXPL: 0CVE-2023-44367 – ZDI-CAN-21929: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44367
15 Nov 2023 — Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm • CWE-416: Use After Free •
CVSS: 7.8EPSS: 10%CPEs: 4EXPL: 0CVE-2023-47055 – ZDI-CAN-21765: Adobe Premiere Pro M4A File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-47055
15 Nov 2023 — Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46121 – Generic Extractor MITM Vulnerability in yt-dlp
https://notcve.org/view.php?id=CVE-2023-46121
14 Nov 2023 — Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution. • https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45626
https://notcve.org/view.php?id=CVE-2023-45626
14 Nov 2023 — An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48217 – Remote code execution via form uploads in statamic/cms
https://notcve.org/view.php?id=CVE-2023-48217
14 Nov 2023 — Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. • https://github.com/statamic/cms/commit/4c6fe041e2203a8033e5949ce4a5d9d6c0ad2411 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 82EXPL: 0CVE-2023-36049 – .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36049
14 Nov 2023 — .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en .NET, .NET Framework y Visual Studio A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion. This vulnerability allows remote attackers to create or delete arbitrary files on FTP servers implemented using affected versions of Microsoft .NET. Interaction with the .NET framework is required to exploit this vu... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-36437 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36437
14 Nov 2023 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36437 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 128EXPL: 0CVE-2023-20596
https://notcve.org/view.php?id=CVE-2023-20596
14 Nov 2023 — Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011 •