CVE-2023-38212 – ZDI-CAN-21093: Adobe Dimension GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38212
Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/dimension/apsb23-44.html • CWE-122: Heap-based Buffer Overflow •
CVE-2023-38211 – ZDI-CAN-21078: Adobe Dimension GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38211
Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/dimension/apsb23-44.html • CWE-416: Use After Free •
CVE-2023-38208 – Validate Your Inputs | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
https://notcve.org/view.php?id=CVE-2023-38208
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. • https://helpx.adobe.com/security/products/magento/apsb23-42.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-33469
https://notcve.org/view.php?id=CVE-2023-33469
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. • http://kramerav.com https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-20589 – fTPM Voltage Fault Injection
https://notcve.org/view.php?id=CVE-2023-20589
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005 •