βΌ CVE-2023-38033 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39236 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40699 βΌ
π Read
via "National Vulnerability Database".
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39422 βΌ
π Read
via "National Vulnerability Database".
TheΓ /irmdata/api/ endpoints exposed by theΓ IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-43753 βΌ
π Read
via "National Vulnerability Database".
Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-39421 βΌ
π Read
via "National Vulnerability Database".
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43751 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42265 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40723 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39424 βΌ
π Read
via "National Vulnerability Database".
A vulnerability inΓ RDPngFileUpload.dll, as used in theΓ IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials.Γ π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3747 βΌ
π Read
via "National Vulnerability Database".
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-40698 βΌ
π Read
via "National Vulnerability Database".
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40795 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36635 βΌ
π Read
via "National Vulnerability Database".
An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.27.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43027 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40791 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43018 βΌ
π Read
via "National Vulnerability Database".
Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPG file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40790 βΌ
π Read
via "National Vulnerability Database".
Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42734 βΌ
π Read
via "National Vulnerability Database".
Adobe Photoshop version 22.5.1 ?and earlier?versions???are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39420 βΌ
π Read
via "National Vulnerability Database".
The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers. Given that this is an administrative account, anyone logging into a customer deployment has full, unrestricted access to the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39423 βΌ
π Read
via "National Vulnerability Database".
The RDPData.dll file exposes theΓ /irmdata/api/common endpoint that handles session IDs, Γ among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user.π Read
via "National Vulnerability Database".