CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46225 – Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46225
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46259 – Ivanti Avalanche WLAvalancheService TV_FC Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46259
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46223 – Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-46223
19 Dec 2023 — An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Un atacante que envía paquetes de datos especialmente manipulados a Mobile Device Server puede provocar daños en la memoria, lo que podría provocar una denegación de servicio (DoS) o la ejecución de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication ... • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2023-48676
https://notcve.org/view.php?id=CVE-2023-48676
14 Dec 2023 — Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943. Divulgación y manipulación de información sensible por falta de autorización. Los siguientes productos se ven afectados: Acronis Cyber Protect Cloud Agent (Windows) anterior a la compilación 36943. • https://security-advisory.acronis.com/advisories/SEC-5905 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6407 – Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-6407
14 Dec 2023 — A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. Existe una vulnerabilidad CWE-22: limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") que podría causar la eliminación arbitraria de archivos al reiniciar el servicio cuando un atacante local y con pocos privilegios accede a él. This vulnerability ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41151
https://notcve.org/view.php?id=CVE-2023-41151
14 Dec 2023 — An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing. Un problema de excepción no detectado descubierto en Softing OPC UA C++ SDK anterior a 6.30 para el sistema operativo Windows puede causar que la aplicación falle cuando el servidor quiere enviar un paquete de error, mientras el socket está bloqueado al escribir. • https://industrial.softing.com/fileadmin/psirt/downloads/2023/syt-2023-3.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48633 – ZDI-CAN-22173: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-48633
13 Dec 2023 — Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.0.3 (y anteriores) y 23.6.0 (y anteriores) de Adobe After Effects se ven afectadas por una vulnerabilidad Use After Free que podría provocar la ejecución de código arbitrario en el contexto del... • https://helpx.adobe.com/security/products/after_effects/apsb23-75.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48634 – ZDI-CAN-22175: Adobe After Effects AEP File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-48634
13 Dec 2023 — Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.0.3 (y anteriores) y 23.6.0 (y anteriores) de Adobe After Effects se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar la ejecución de cód... • https://helpx.adobe.com/security/products/after_effects/apsb23-75.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48635 – ZDI-CAN-22174: Adobe After Effects AEP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-48635
13 Dec 2023 — Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.0.3 (y anteriores) y 23.6.0 (y anteriores) de Adobe After Effects se ven afectadas por una vulnerabilidad de lectura fuera de los límites... • https://helpx.adobe.com/security/products/after_effects/apsb23-75.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48632 – ZDI-CAN-22172: Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-48632
13 Dec 2023 — Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.0.3 (y anteriores) y 23.6.0 (y anteriores) de Adobe After Effects se ven afectadas por una vulnerabilidad de escritura fuera de los límites que podría provocar la ejecución de código arbi... • https://helpx.adobe.com/security/products/after_effects/apsb23-75.html • CWE-787: Out-of-bounds Write •