Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2796 | 6 Canonical, Debian, Hp and 3 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2023-11-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-2795 | 6 Canonical, Debian, Hp and 3 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2023-11-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-2790 | 6 Canonical, Debian, Hp and 3 more | 13 Ubuntu Linux, Debian Linux, Xp7 Command View and 10 more | 2023-11-22 | 2.6 LOW | 3.1 LOW |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2018-2814 | 6 Canonical, Debian, Hp and 3 more | 12 Ubuntu Linux, Debian Linux, Xp7 Command View and 9 more | 2023-11-22 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-2799 | 7 Apache, Canonical, Debian and 4 more | 15 Xerces-j, Ubuntu Linux, Debian Linux and 12 more | 2023-11-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-2797 | 6 Canonical, Debian, Hp and 3 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2023-11-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-2794 | 6 Canonical, Debian, Hp and 3 more | 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more | 2023-11-22 | 3.7 LOW | 7.7 HIGH |
| Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2023-25071 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2023-11-22 | N/A | 5.5 MEDIUM |
| NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-24229 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2023-11-22 | N/A | 7.8 HIGH |
| DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-5079 | 1 Lenovo | 1 Lecloud | 2023-11-22 | N/A | 7.5 HIGH |
| Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. | |||||
| CVE-2023-47514 | 1 Star-emea | 1 Star Cloudprnt For Woocommerce | 2023-11-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <= 2.0.3 versions. | |||||
| CVE-2023-4706 | 1 Lenovo | 1 Preload Directory | 2023-11-22 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. | |||||
| CVE-2023-48056 | 1 Bandoche | 1 Pypinksign | 2023-11-22 | N/A | 7.5 HIGH |
| PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | |||||
| CVE-2023-48055 | 1 Superagi | 1 Superagi | 2023-11-22 | N/A | 7.5 HIGH |
| SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | |||||
| CVE-2023-48134 | 1 Linecorp | 1 Line | 2023-11-22 | N/A | 7.5 HIGH |
| nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. | |||||
| CVE-2023-47511 | 1 So-wp | 1 Pinyin Slugs | 2023-11-22 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO WP Pinyin Slugs plugin <= 2.3.0 versions. | |||||
| CVE-2023-47687 | 1 Vjinfotech | 1 Woo Custom And Sequential Order Number | 2023-11-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions. | |||||
| CVE-2023-47686 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2023-11-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions. | |||||
| CVE-2023-47025 | 1 Free5gc | 1 Free5gc | 2023-11-22 | N/A | 5.5 MEDIUM |
| An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | |||||
| CVE-2023-47066 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47067 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47068 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47069 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47070 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47073 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47072 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | N/A | 3.3 LOW |
| Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-22272 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2023-11-22 | N/A | N/A |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-22268 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2023-11-22 | N/A | N/A |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-22275 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2023-11-22 | N/A | N/A |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-22274 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2023-11-22 | N/A | N/A |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-22273 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2023-11-22 | N/A | N/A |
| Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-44325 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2023-11-22 | N/A | 5.5 MEDIUM |
| Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-48013 | 1 Gpac | 1 Gpac | 2023-11-22 | N/A | 7.8 HIGH |
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | |||||
| CVE-2023-48011 | 1 Gpac | 1 Gpac | 2023-11-22 | N/A | 7.8 HIGH |
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. | |||||
| CVE-2023-48014 | 1 Gpac | 1 Gpac | 2023-11-22 | N/A | 7.8 HIGH |
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. | |||||
| CVE-2023-47060 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2023-11-22 | N/A | N/A |
| Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47059 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2023-11-22 | N/A | N/A |
| Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-45622 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-11-22 | N/A | 7.5 HIGH |
| Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. | |||||
| CVE-2023-45621 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-11-22 | N/A | 7.5 HIGH |
| Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. | |||||
| CVE-2023-45620 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-11-22 | N/A | 7.5 HIGH |
| Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. | |||||
| CVE-2023-45623 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-11-22 | N/A | 7.5 HIGH |
| Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point. | |||||
| CVE-2023-47058 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47057 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2023-11-22 | N/A | N/A |
| Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47056 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2023-11-22 | N/A | N/A |
| Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47055 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2023-11-22 | N/A | N/A |
| Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-44336 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-44338 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-44337 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-11-22 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-45624 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2023-11-22 | N/A | 7.5 HIGH |
| An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | |||||
| CVE-2023-37276 | 1 Aiohttp | 1 Aiohttp | 2023-11-22 | N/A | 7.5 HIGH |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable. | |||||