CVSS: 7.8EPSS: 32%CPEs: 6EXPL: 0CVE-2023-26422 – ZDI-CAN-20176: Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-26422
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-24.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 32%CPEs: 6EXPL: 0CVE-2023-26423 – ZDI-CAN-20160: Adobe Acrobat Reader DC AcroForm insertItemAt Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-26423
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-24.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 32%CPEs: 6EXPL: 0CVE-2023-26424 – ZDI-CAN-19833: Adobe Acrobat Reader DC PDF Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-26424
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-24.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2023-28489 – Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
https://notcve.org/view.php?id=CVE-2023-28489
The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device. • http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html http://seclists.org/fulldisclosure/2023/Jul/14 https://cert-portal.siemens.com/productcert/pdf/ssa-472454.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-26293
https://notcve.org/view.php?id=CVE-2023-26293
If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. ... If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. • https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf https://cert-portal.siemens.com/productcert/html/ssa-116924.html • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •