CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25904 – Adobe Dimension Out-of-bounds Read USDZ file Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-25904
Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/dimension/apsb23-20.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47924 – Arbitrary Code Execution using the validate function of csaf-validator-lib
https://notcve.org/view.php?id=CVE-2022-47924
An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0004.json • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-22249 – Adobe Commerce Stored XSS Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22249
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. • https://helpx.adobe.com/security/products/magento/apsb23-17.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25908 – Adobe Photoshop SVG file Use After Free Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-25908
Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb23-23.html • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24835 – Softnext SPAM SQR - Code Injection
https://notcve.org/view.php?id=CVE-2023-24835
Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. • https://www.twcert.org.tw/tw/cp-132-6955-c7612-1.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •