CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-39859 – Use After Free Adobe Acrobat Pro DC [HB-21-0339]
https://notcve.org/view.php?id=CVE-2021-39859
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2021.005.20060 (y anteriores), 2020.004.30006 (y anteriores) y 2017.011.30199 (y anteriores) de Acrobat Reader DC están afectadas por una vulnerabilidad de use-after-free que podría provocar la divulgación de memoria sensible. Un atacante podría aprovechar esta vulnerabilidad para omitir mitigaciones como ASLR. • https://helpx.adobe.com/security/products/acrobat/apsb21-55.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-35980 – Adobe Acrobat Reader SpellDictionaryExport Path Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35980
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores) y 2017.011.30197 (y anteriores) de Acrobat Reader DC están afectadas por una vulnerabilidad de Path traversal. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr la ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28644 – Adobe Acrobat SpellDictionaryCreate Path Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-28644
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2021.005.20054 (y anteriores), 2020.004.30005 (y anteriores) y 2017.011.30197 (y anteriores) de Acrobat Reader DC están afectadas por una vulnerabilidad de Path traversal. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr la ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34352
https://notcve.org/view.php?id=CVE-2023-34352
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. Se ha solucionado un problema de permisos con la mejora de la redacción de información sensible. Este problema se ha solucionado en macOS Ventura 13.4, tvOS 16.5, iOS 16.5, iPadOS 16.5 y watchOS 9.5. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213764 https://support.apple.com/kb/HT213757 https://support.apple.com/kb/HT213758 https://support.apple.com/kb/HT213761 https://support.apple.com/kb/HT213764 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32438
https://notcve.org/view.php?id=CVE-2023-32438
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. Este problema ha sido abordado con comprobaciones mejoradas para evitar acciones no autorizadas. Este problema es corregido en tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 y iPadOS 16.3. • https://support.apple.com/en-us/HT213599 https://support.apple.com/en-us/HT213601 https://support.apple.com/en-us/HT213605 https://support.apple.com/en-us/HT213606 •