CVE-2023-29315 – [FG-VD-23-008] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VI Notification
https://notcve.org/view.php?id=CVE-2023-29315
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/indesign/apsb23-38.html • CWE-125: Out-of-bounds Read •
CVE-2023-29319 – [FG-VD-23-010] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VII Notification
https://notcve.org/view.php?id=CVE-2023-29319
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/indesign/apsb23-38.html • CWE-125: Out-of-bounds Read •
CVE-2023-29310 – [FG-VD-23-007] Adobe InDesign 2023 Out-of-Bound Read Vulnerability V Notification
https://notcve.org/view.php?id=CVE-2023-29310
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/indesign/apsb23-38.html • CWE-125: Out-of-bounds Read •
CVE-2023-24491
https://notcve.org/view.php?id=CVE-2023-24491
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. • https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 • CWE-269: Improper Privilege Management •
CVE-2023-36884 – Microsoft Windows Search Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36884
Windows Search Remote Code Execution Vulnerability Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution. • https://github.com/jakabakos/CVE-2023-36884-MS-Office-HTML-RCE https://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline https://github.com/tarraschk/CVE-2023-36884-Checker https://github.com/zerosorai/CVE-2023-36884 https://github.com/raresteak/CVE-2023-36884 https://github.com/ridsoliveira/Fix-CVE-2023-36884 https://github.com/ToddMaxey/CVE-2023-36884 http://seclists.org/fulldisclosure/2023/Jul/43 https://msrc.microsoft.com/update-guide/vulner • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •