CVE-2023-2007 – Linux Kernel DPT I2O Controller Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-2007
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
• https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0
• https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
• https://security.netapp.com/advisory/ntap-20240119-0011
• https://www.debian.org/security/2023/dsa-5480
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
• CWE-667: Improper Locking
CVE-2023-25010 – Autodesk Maya USD File Parsing Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-25010
A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
• https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003
• CWE-665: Improper Initialization
CVE-2023-22897 – SecurePoint UTM 12.x Memory Leak
https://notcve.org/view.php?id=CVE-2023-22897
The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. ... SecurePoint UTM versions 12.x suffer from a memory leak vulnerability via the spcgi.cgi endpoint.
• http://packetstormsecurity.com/files/171928/SecurePoint-UTM-12.x-Memory-Leak.html
• http://seclists.org/fulldisclosure/2023/Apr/8
• https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22897.txt
• https://rcesecurity.com
• CWE-908: Use of Uninitialized Resource
CVE-2023-26375 – ZDI-CAN-20231: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26375
Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files.
• https://helpx.adobe.com/security/products/dimension/apsb23-27.html
• CWE-125: Out-of-bounds Read
CVE-2023-26376 – ZDI-CAN-20155: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26376
Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files.
• https://helpx.adobe.com/security/products/dimension/apsb23-27.html
• CWE-125: Out-of-bounds Read