Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-2921
Vulnerability from csaf_certbund
Published
2023-11-14 23:00
Modified
2023-11-14 23:00
Summary
Adobe Creative Cloud: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Adobe Creative Cloud umfasst Anwendungen und Dienste für Video, Design, Fotografie und Web.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Adobe Creative Cloud ausnutzen, um beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
- MacOS X
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Adobe Creative Cloud umfasst Anwendungen und Dienste f\u00fcr Video, Design, Fotografie und Web.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Adobe Creative Cloud ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2921 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2921.json" }, { "category": "self", "summary": "WID-SEC-2023-2921 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2921" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-65 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-63 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-55 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-60 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/incopy/apsb23-60.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-58 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/framemaker/apsb23-58.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-62 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/dimension/apsb23-62.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-52 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-57 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-64 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-61 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/animate/apsb23-61.html" }, { "category": "external", "summary": "Adobe Security Bulletin APSB23-66 vom 2023-11-14", "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source_lang": "en-US", "title": "Adobe Creative Cloud: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-11-14T23:00:00.000+00:00", "generator": { "date": "2024-08-15T18:01:39.137+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2921", "initial_release_date": "2023-11-14T23:00:00.000+00:00", "revision_history": [ { "date": "2023-11-14T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Adobe Creative Cloud After Effects \u003c 24.0.3", "product": { "name": "Adobe Creative Cloud After Effects \u003c 24.0.3", "product_id": "T031123", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:after_effects_24.0.3" } } }, { "category": "product_name", "name": "Adobe Creative Cloud After Effects \u003c 23.6.2", "product": { "name": "Adobe Creative Cloud After Effects \u003c 23.6.2", "product_id": "T031124", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:after_effects_23.6.2" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Animate \u003c 23.0.3", "product": { "name": "Adobe Creative Cloud Animate \u003c 23.0.3", "product_id": "T031125", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:animate_23.0.3" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Animate \u003c 24.0", "product": { "name": "Adobe Creative Cloud Animate \u003c 24.0", "product_id": "T031126", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:animate_24.0" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Audition \u003c 24.0", "product": { "name": "Adobe Creative Cloud Audition \u003c 24.0", "product_id": "T031127", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:audition_24.0" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Audition \u003c 23.6.1", "product": { "name": "Adobe Creative Cloud Audition \u003c 23.6.1", "product_id": "T031128", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:audition_23.6.1" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Bridge\u202f \u003c 13.0.5", "product": { "name": "Adobe Creative Cloud Bridge\u202f \u003c 13.0.5", "product_id": "T031129", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:bridge_13.0.5" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Bridge\u202f \u003c 14.0.1", "product": { "name": "Adobe Creative Cloud Bridge\u202f \u003c 14.0.1", "product_id": "T031130", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:bridge_14.0.1" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Coldfusion 2023 \u003c Update 6", "product": { "name": "Adobe Creative Cloud Coldfusion 2023 \u003c Update 6", "product_id": "T031131", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:coldfusion_2023_update_6" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Coldfusion 2021 \u003c Update 12", "product": { "name": "Adobe Creative Cloud Coldfusion 2021 \u003c Update 12", "product_id": "T031132", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:coldfusion_2021_update_12" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Dimension \u003c 3.4.10", "product": { "name": "Adobe Creative Cloud Dimension \u003c 3.4.10", "product_id": "T031135", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:dimension_3.4.10" } } }, { "category": "product_name", "name": "Adobe Creative Cloud FrameMaker Publishing Server Version 2022 \u003c Update 1", "product": { "name": "Adobe Creative Cloud FrameMaker Publishing Server Version 2022 \u003c Update 1", "product_id": "T031138", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:framemaker_publishing_server_version_2022_update_1" } } }, { "category": "product_name", "name": "Adobe Creative Cloud InCopy\u202f \u003c\u202f19.0", "product": { "name": "Adobe Creative Cloud InCopy\u202f \u003c\u202f19.0", "product_id": "T031139", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:incopy19.0" } } }, { "category": "product_name", "name": "Adobe Creative Cloud InCopy\u202f\u202f\u003c 18.5.1", "product": { "name": "Adobe Creative Cloud InCopy\u202f\u202f\u003c 18.5.1", "product_id": "T031140", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:incopy18.5.1" } } }, { "category": "product_name", "name": "Adobe Creative Cloud InDesign \u003c ID19.0", "product": { "name": "Adobe Creative Cloud InDesign \u003c ID19.0", "product_id": "T031141", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:indesign_id19.0" } } }, { "category": "product_name", "name": "Adobe Creative Cloud InDesign \u003c ID18.5.1", "product": { "name": "Adobe Creative Cloud InDesign \u003c ID18.5.1", "product_id": "T031142", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:indesign_id18.5.1" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Media Encoder \u003c 24.0.3", "product": { "name": "Adobe Creative Cloud Media Encoder \u003c 24.0.3", "product_id": "T031143", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:media_encoder_24.0.3" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Media Encoder \u003c 23.6.2", "product": { "name": "Adobe Creative Cloud Media Encoder \u003c 23.6.2", "product_id": "T031144", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:media_encoder_23.6.2" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Premiere Pro \u003c 23.6.2", "product": { "name": "Adobe Creative Cloud Premiere Pro \u003c 23.6.2", "product_id": "T031145", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:premiere_pro_23.6.2" } } }, { "category": "product_name", "name": "Adobe Creative Cloud Premiere Pro \u003c 24.0.3", "product": { "name": "Adobe Creative Cloud Premiere Pro \u003c 24.0.3", "product_id": "T031146", "product_identification_helper": { "cpe": "cpe:/a:adobe:creative_cloud:premiere_pro_24.0.3" } } } ], "category": "product_name", "name": "Creative Cloud" } ], "category": "vendor", "name": "Adobe" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-47073", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47073" }, { "cve": "CVE-2023-47072", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47072" }, { "cve": "CVE-2023-47071", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47071" }, { "cve": "CVE-2023-47070", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47070" }, { "cve": "CVE-2023-47069", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47069" }, { "cve": "CVE-2023-47068", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47068" }, { "cve": "CVE-2023-47067", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47067" }, { "cve": "CVE-2023-47066", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47066" }, { "cve": "CVE-2023-47060", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47060" }, { "cve": "CVE-2023-47059", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47059" }, { "cve": "CVE-2023-47058", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47058" }, { "cve": "CVE-2023-47057", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47057" }, { "cve": "CVE-2023-47056", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47056" }, { "cve": "CVE-2023-47055", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47055" }, { "cve": "CVE-2023-47054", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47054" }, { "cve": "CVE-2023-47053", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47053" }, { "cve": "CVE-2023-47052", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47052" }, { "cve": "CVE-2023-47051", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47051" }, { "cve": "CVE-2023-47050", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47050" }, { "cve": "CVE-2023-47049", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47049" }, { "cve": "CVE-2023-47048", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47048" }, { "cve": "CVE-2023-47047", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47047" }, { "cve": "CVE-2023-47046", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47046" }, { "cve": "CVE-2023-47044", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47044" }, { "cve": "CVE-2023-47043", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47043" }, { "cve": "CVE-2023-47042", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47042" }, { "cve": "CVE-2023-47041", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47041" }, { "cve": "CVE-2023-47040", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-47040" }, { "cve": "CVE-2023-44355", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44355" }, { "cve": "CVE-2023-44353", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44353" }, { "cve": "CVE-2023-44352", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44352" }, { "cve": "CVE-2023-44351", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44351" }, { "cve": "CVE-2023-44350", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44350" }, { "cve": "CVE-2023-44347", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44347" }, { "cve": "CVE-2023-44346", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44346" }, { "cve": "CVE-2023-44345", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44345" }, { "cve": "CVE-2023-44344", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44344" }, { "cve": "CVE-2023-44343", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44343" }, { "cve": "CVE-2023-44342", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44342" }, { "cve": "CVE-2023-44341", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44341" }, { "cve": "CVE-2023-44329", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44329" }, { "cve": "CVE-2023-44328", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44328" }, { "cve": "CVE-2023-44327", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44327" }, { "cve": "CVE-2023-44326", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44326" }, { "cve": "CVE-2023-44325", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44325" }, { "cve": "CVE-2023-44324", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-44324" }, { "cve": "CVE-2023-26368", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-26368" }, { "cve": "CVE-2023-26347", "notes": [ { "category": "description", "text": "In verschiedenen Produkten der Adobe Creative Cloud existieren mehrere Schwachstellen. Diese sind zur\u00fcckzuf\u00fchren auf Out-of-Bounds-Lese- und Schreibfehler, Fehler bei der Initialisierung, Use-after-Free-Fehler, Puffer\u00fcberlauffehler, Fehler in der Zugriffskontrolle, Fehler bei der Validierung von Eingaben sowie einer NULL-Zeiger-Dereferenz. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "release_date": "2023-11-14T23:00:00.000+00:00", "title": "CVE-2023-26347" } ] }
cve-2023-47059
Vulnerability from cvelistv5
Published
2023-11-16 16:16
Modified
2024-09-04 20:38
Severity ?
EPSS score ?
Summary
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Premiere Pro |
Version: 0 ≤ 24.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "premiere_pro", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47059", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-08T20:26:15.552414Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:38:08.249Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Premiere Pro", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T16:16:27.771Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21767: Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47059", "datePublished": "2023-11-16T16:16:27.771Z", "dateReserved": "2023-10-30T16:23:27.886Z", "dateUpdated": "2024-09-04T20:38:08.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26347
Vulnerability from cvelistv5
Published
2023-11-17 13:31
Modified
2024-10-21 14:17
Severity ?
EPSS score ?
Summary
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26347", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T17:28:45.976291Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-21T14:17:57.249Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:33.156Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "CVE-2023-38205 issues | ColdFusion Admin Panel Access" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-26347", "datePublished": "2023-11-17T13:31:33.156Z", "dateReserved": "2023-02-22T19:47:52.374Z", "dateUpdated": "2024-10-21T14:17:57.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47055
Vulnerability from cvelistv5
Published
2023-11-16 16:16
Modified
2024-09-04 20:40
Severity ?
EPSS score ?
Summary
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Premiere Pro |
Version: 0 ≤ 24.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "premiere_pro", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47055", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-08T20:26:15.552414Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:40:19.322Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Premiere Pro", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free (CWE-416)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T16:16:27.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21765: Adobe Premiere Pro M4A File Parsing Use-After-Free Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47055", "datePublished": "2023-11-16T16:16:27.000Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-09-04T20:40:19.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47066
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-09-04 19:56
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:after_effects:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "after_effects", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "24.0.2", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47066", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-07T20:28:34.828354Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:56:08.586Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T10:55:40.342Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21705: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47066", "datePublished": "2023-11-17T10:55:40.342Z", "dateReserved": "2023-10-30T16:23:27.887Z", "dateUpdated": "2024-09-04T19:56:08.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47044
Vulnerability from cvelistv5
Published
2023-11-16 14:42
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Media Encoder |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "media_encoder", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "24.0.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47044", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-14T00:44:19.244557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T12:44:24.982Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Media Encoder", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T15:58:11.454Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21789: Adobe Media Encoder MP4 File Uninitialized Variable Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47044", "datePublished": "2023-11-16T14:42:58.039Z", "dateReserved": "2023-10-30T16:23:27.884Z", "dateUpdated": "2024-08-02T21:01:22.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47073
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-09-16 18:59
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "after_effects", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47073", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-14T21:21:13.209294Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T18:59:42.129Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T10:55:38.290Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21709: Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47073", "datePublished": "2023-11-17T10:55:38.290Z", "dateReserved": "2023-10-30T16:23:27.888Z", "dateUpdated": "2024-09-16T18:59:42.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44325
Vulnerability from cvelistv5
Published
2023-11-17 08:26
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/animate/apsb23-61.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:59:52.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/animate/apsb23-61.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Animate", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.0.2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T08:26:35.746Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/animate/apsb23-61.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21666: Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44325", "datePublished": "2023-11-17T08:26:35.746Z", "dateReserved": "2023-09-28T16:25:40.448Z", "dateUpdated": "2024-08-02T19:59:52.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47048
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-09-11 13:44
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.793Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47048", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-11T13:29:51.156098Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T13:44:04.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:06:37.613Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21688: Adobe Audition MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47048", "datePublished": "2023-11-16T15:39:35.374Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-09-11T13:44:04.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47051
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:06:39.583Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21683: Adobe Audition MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47051", "datePublished": "2023-11-16T15:39:32.683Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-08-02T21:01:22.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44350
Vulnerability from cvelistv5
Published
2023-11-17 13:31
Modified
2024-09-16 12:57
Severity ?
EPSS score ?
Summary
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44350", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:37:10.747107Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:38:29.335Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:57:22.438Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Deserialization of Untrusted Data (CWE-502)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44350", "datePublished": "2023-11-17T13:31:30.360Z", "dateReserved": "2023-09-28T16:25:40.451Z", "dateUpdated": "2024-09-16T12:57:22.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44347
Vulnerability from cvelistv5
Published
2023-11-16 10:11
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | InDesign Desktop |
Version: 0 ≤ ID18.5 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-44347", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T17:26:22.205496Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:29.891Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InDesign Desktop", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference (CWE-476)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T10:11:16.856Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InDesign CC 2023 Memory Corruption Vulnerability IX." } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44347", "datePublished": "2023-11-16T10:11:16.856Z", "dateReserved": "2023-09-28T16:25:40.450Z", "dateUpdated": "2024-08-02T20:07:32.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44327
Vulnerability from cvelistv5
Published
2023-11-16 14:32
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/bridge/apsb23-57.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:59:52.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Bridge", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "14.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T15:39:09.218Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21793: Adobe Bridge MP4 File Uninitialized Variable Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44327", "datePublished": "2023-11-16T14:32:44.041Z", "dateReserved": "2023-09-28T16:25:40.448Z", "dateUpdated": "2024-08-02T19:59:52.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47058
Vulnerability from cvelistv5
Published
2023-11-16 16:16
Modified
2024-09-04 20:32
Severity ?
EPSS score ?
Summary
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Premiere Pro |
Version: 0 ≤ 24.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "premiere_pro", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47058", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-08T20:26:15.552414Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:32:37.495Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Premiere Pro", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T16:16:28.877Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21766: Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47058", "datePublished": "2023-11-16T16:16:28.877Z", "dateReserved": "2023-10-30T16:23:27.886Z", "dateUpdated": "2024-09-04T20:32:37.495Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47040
Vulnerability from cvelistv5
Published
2023-11-16 14:42
Modified
2024-09-04 20:48
Severity ?
EPSS score ?
Summary
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Media Encoder |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "media_encoder", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47040", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-10T18:18:23.111624Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:48:43.007Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Media Encoder", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T14:42:57.237Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21698: Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47040", "datePublished": "2023-11-16T14:42:57.237Z", "dateReserved": "2023-10-30T16:23:27.883Z", "dateUpdated": "2024-09-04T20:48:43.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47056
Vulnerability from cvelistv5
Published
2023-11-16 16:16
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Premiere Pro |
Version: 0 ≤ 24.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Premiere Pro", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T16:16:30.469Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21763: Adobe Premiere Pro MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47056", "datePublished": "2023-11-16T16:16:30.469Z", "dateReserved": "2023-10-30T16:23:27.886Z", "dateUpdated": "2024-08-02T21:01:22.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44341
Vulnerability from cvelistv5
Published
2023-11-16 10:11
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | InDesign Desktop |
Version: 0 ≤ ID18.5 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-44341", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T17:27:29.515771Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:22.439Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InDesign Desktop", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "NULL Pointer Dereference (CWE-476)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T10:11:18.407Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InDesign CC 2023 Memory Corruption Vulnerability I" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44341", "datePublished": "2023-11-16T10:11:18.407Z", "dateReserved": "2023-09-28T16:25:40.450Z", "dateUpdated": "2024-08-02T20:07:32.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47053
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-09-04 20:45
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47053", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T20:44:43.816920Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:45:00.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:39:38.866Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21689: Adobe Audition MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47053", "datePublished": "2023-11-16T15:39:38.866Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-09-04T20:45:00.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47072
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-09-04 19:53
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47072", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:53:41.221307Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:53:51.354Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.3, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.3, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T10:55:41.125Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21790: Adobe After Effects MP4 File Uninitialized Variable Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47072", "datePublished": "2023-11-17T10:55:41.125Z", "dateReserved": "2023-10-30T16:23:27.888Z", "dateUpdated": "2024-09-04T19:53:51.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44353
Vulnerability from cvelistv5
Published
2023-11-17 13:31
Modified
2024-09-04 19:36
Severity ?
EPSS score ?
Summary
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44353", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:32:50.545301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:36:16.786Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:31.132Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion WDDX Deserialization Gadgets" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44353", "datePublished": "2023-11-17T13:31:31.132Z", "dateReserved": "2023-09-28T16:25:40.452Z", "dateUpdated": "2024-09-04T19:36:16.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44328
Vulnerability from cvelistv5
Published
2023-11-16 14:32
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/bridge/apsb23-57.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:59:52.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Bridge", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "14.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "Use After Free (CWE-416)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T15:48:44.521Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21797: Adobe Bridge MP4 File Parsing Use-After-Free Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44328", "datePublished": "2023-11-16T14:32:44.846Z", "dateReserved": "2023-09-28T16:25:40.448Z", "dateUpdated": "2024-08-02T19:59:52.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44351
Vulnerability from cvelistv5
Published
2023-11-17 13:31
Modified
2024-09-04 19:10
Severity ?
EPSS score ?
Summary
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:coldfusion:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "coldfusion", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "2023.5", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44351", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T19:06:47.590147Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:10:46.647Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data (CWE-502)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:34.680Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe ColdFusion RCE Security Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44351", "datePublished": "2023-11-17T13:31:34.680Z", "dateReserved": "2023-09-28T16:25:40.451Z", "dateUpdated": "2024-09-04T19:10:46.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47060
Vulnerability from cvelistv5
Published
2023-11-16 16:16
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Premiere Pro |
Version: 0 ≤ 24.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Premiere Pro", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.3, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.3, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T16:16:29.663Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21792: Adobe Premiere Pro MP4 File Uninitialized Variable Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47060", "datePublished": "2023-11-16T16:16:29.663Z", "dateReserved": "2023-10-30T16:23:27.886Z", "dateUpdated": "2024-08-02T21:01:22.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47057
Vulnerability from cvelistv5
Published
2023-11-16 16:16
Modified
2024-09-04 20:41
Severity ?
EPSS score ?
Summary
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Premiere Pro |
Version: 0 ≤ 24.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "premiere_pro", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47057", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-22T18:26:24.357699Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:41:39.534Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Premiere Pro", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "24.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T16:16:26.228Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21764: Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47057", "datePublished": "2023-11-16T16:16:26.228Z", "dateReserved": "2023-10-30T16:23:27.886Z", "dateUpdated": "2024-09-04T20:41:39.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44344
Vulnerability from cvelistv5
Published
2023-11-16 10:11
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | InDesign Desktop |
Version: 0 ≤ ID18.5 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "indesign", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "ID17.4.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44344", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T17:27:12.783499Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T20:41:46.468Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InDesign Desktop", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T10:11:19.676Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InDesign CC 2023 Memory Corruption Vulnerability V." } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44344", "datePublished": "2023-11-16T10:11:19.676Z", "dateReserved": "2023-09-28T16:25:40.450Z", "dateUpdated": "2024-08-02T20:07:32.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47067
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T10:55:36.088Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21706: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47067", "datePublished": "2023-11-17T10:55:36.088Z", "dateReserved": "2023-10-30T16:23:27.887Z", "dateUpdated": "2024-08-02T21:01:22.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47042
Vulnerability from cvelistv5
Published
2023-11-16 14:42
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Media Encoder |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Media Encoder", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T14:42:56.086Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21696: Adobe Media Encoder MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47042", "datePublished": "2023-11-16T14:42:56.086Z", "dateReserved": "2023-10-30T16:23:27.884Z", "dateUpdated": "2024-08-02T21:01:22.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44343
Vulnerability from cvelistv5
Published
2023-11-16 10:11
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | InDesign Desktop |
Version: 0 ≤ ID18.5 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "indesign", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "ID17.4.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44343", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T17:22:52.492554Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T20:41:53.663Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InDesign Desktop", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T10:11:15.676Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InDesign CC 2023 Memory Corruption Vulnerability III." } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44343", "datePublished": "2023-11-16T10:11:15.676Z", "dateReserved": "2023-09-28T16:25:40.450Z", "dateUpdated": "2024-08-02T20:07:32.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47043
Vulnerability from cvelistv5
Published
2023-11-16 14:42
Modified
2024-12-18 18:05
Severity ?
EPSS score ?
Summary
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Media Encoder |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47043", "options": [ { "Exploitation": "None" }, { "Automatable": "No" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-18T18:05:12.407660Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-18T18:05:27.074Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Media Encoder", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T14:42:54.155Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21699: Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47043", "datePublished": "2023-11-16T14:42:54.155Z", "dateReserved": "2023-10-30T16:23:27.884Z", "dateUpdated": "2024-12-18T18:05:27.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47046
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:06:36.373Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21684: Adobe Audition MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47046", "datePublished": "2023-11-16T15:39:37.423Z", "dateReserved": "2023-10-30T16:23:27.884Z", "dateUpdated": "2024-08-02T21:01:22.734Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47052
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-09-04 20:46
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47052", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T20:45:54.536836Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:46:07.878Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:39:31.858Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21687: Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47052", "datePublished": "2023-11-16T15:39:31.858Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-09-04T20:46:07.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44342
Vulnerability from cvelistv5
Published
2023-11-16 10:11
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | InDesign Desktop |
Version: 0 ≤ ID18.5 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-44342", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T14:40:36.494120Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:37.576Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InDesign Desktop", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T10:11:14.888Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InDesign CC 2023 Memory Corruption Vulnerability II." } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44342", "datePublished": "2023-11-16T10:11:14.888Z", "dateReserved": "2023-09-28T16:25:40.450Z", "dateUpdated": "2024-08-02T20:07:32.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47047
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-11-25 21:01
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47047", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T21:01:38.354782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-25T21:01:46.741Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:06:36.785Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21685: Adobe Audition MP4 File Parsing Uninitialized Variable Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47047", "datePublished": "2023-11-16T15:39:39.639Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-11-25T21:01:46.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26368
Vulnerability from cvelistv5
Published
2023-11-16 15:45
Modified
2024-09-04 20:43
Severity ?
EPSS score ?
Summary
Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/incopy/apsb23-60.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:24.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/incopy/apsb23-60.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:incopy:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "incopy", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "17.4.2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-26368", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-14T21:35:08.353944Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T20:43:07.390Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InCopy", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "17.4.2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T15:45:10.495Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/incopy/apsb23-60.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InCopy Out-of-Bounds Read Vulnerability v1.0" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-26368", "datePublished": "2023-11-16T15:45:10.495Z", "dateReserved": "2023-02-22T19:47:52.380Z", "dateUpdated": "2024-09-04T20:43:07.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47070
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T10:55:39.060Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21708: Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47070", "datePublished": "2023-11-17T10:55:39.060Z", "dateReserved": "2023-10-30T16:23:27.887Z", "dateUpdated": "2024-08-02T21:01:22.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47054
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:00:57.501Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21782: Adobe Audition MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47054", "datePublished": "2023-11-16T15:39:33.840Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-08-02T21:01:22.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44355
Vulnerability from cvelistv5
Published
2023-11-17 13:31
Modified
2024-10-11 15:59
Severity ?
EPSS score ?
Summary
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-44355", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T15:59:47.747440Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T15:59:51.033Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 4.3, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 4.3, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T12:57:55.727Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ColdFusion | Improper Input Validation (CWE-20)" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44355", "datePublished": "2023-11-17T13:31:33.927Z", "dateReserved": "2023-09-28T16:25:40.452Z", "dateUpdated": "2024-10-11T15:59:51.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47069
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T10:55:36.870Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21703: Adobe After Effects M4A File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47069", "datePublished": "2023-11-17T10:55:36.870Z", "dateReserved": "2023-10-30T16:23:27.887Z", "dateUpdated": "2024-08-02T21:01:22.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47041
Vulnerability from cvelistv5
Published
2023-11-16 14:42
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Media Encoder |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Media Encoder", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T14:42:55.316Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21697: Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47041", "datePublished": "2023-11-16T14:42:55.316Z", "dateReserved": "2023-10-30T16:23:27.884Z", "dateUpdated": "2024-08-02T21:01:22.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47068
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-09-04 19:52
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:after_effects:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "after_effects", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "24.02", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-47068", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-14T21:20:46.450191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:52:56.372Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T10:55:43.253Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21702: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47068", "datePublished": "2023-11-17T10:55:43.253Z", "dateReserved": "2023-10-30T16:23:27.887Z", "dateUpdated": "2024-09-04T19:52:56.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44329
Vulnerability from cvelistv5
Published
2023-11-16 14:32
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/bridge/apsb23-57.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:59:51.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Bridge", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "14.0.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "Access of Uninitialized Pointer (CWE-824)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T15:42:57.637Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/bridge/apsb23-57.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21798: Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44329", "datePublished": "2023-11-16T14:32:46.016Z", "dateReserved": "2023-09-28T16:25:40.448Z", "dateUpdated": "2024-08-02T19:59:51.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47049
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.711Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:06:38.024Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21690: Adobe Audition MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47049", "datePublished": "2023-11-16T15:39:36.640Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-08-02T21:01:22.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44326
Vulnerability from cvelistv5
Published
2023-11-17 08:49
Modified
2024-08-02 19:59
Severity ?
EPSS score ?
Summary
Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/dimension/apsb23-62.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:59:51.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/dimension/apsb23-62.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Dimension", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "3.4.9", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T08:49:46.970Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/dimension/apsb23-62.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21866: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44326", "datePublished": "2023-11-17T08:49:46.970Z", "dateReserved": "2023-09-28T16:25:40.448Z", "dateUpdated": "2024-08-02T19:59:51.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47071
Vulnerability from cvelistv5
Published
2023-11-17 10:55
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/after_effects/apsb23-66.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | After Effects |
Version: 0 ≤ 23.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "After Effects", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:05:09.310Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21704: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47071", "datePublished": "2023-11-17T10:55:41.896Z", "dateReserved": "2023-10-30T16:23:27.887Z", "dateUpdated": "2024-08-02T21:01:22.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44346
Vulnerability from cvelistv5
Published
2023-11-16 10:11
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | InDesign Desktop |
Version: 0 ≤ ID18.5 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "indesign", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "ID17.4.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44346", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T17:26:39.069669Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T20:40:25.381Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InDesign Desktop", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T10:11:17.626Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InDesign CC 2023 Memory Corruption Vulnerability VIII." } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44346", "datePublished": "2023-11-16T10:11:17.626Z", "dateReserved": "2023-09-28T16:25:40.450Z", "dateUpdated": "2024-08-02T20:07:32.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44345
Vulnerability from cvelistv5
Published
2023-11-16 10:11
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | InDesign Desktop |
Version: 0 ≤ ID18.5 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "indesign", "vendor": "adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "ID17.4.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-44345", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-29T17:26:55.816962Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-18T20:41:39.068Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:32.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "InDesign Desktop", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "ID18.5", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-16T10:11:20.455Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/indesign/apsb23-55.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Adobe InDesign CC 2023 Memory Corruption Vulnerability VII." } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44345", "datePublished": "2023-11-16T10:11:20.455Z", "dateReserved": "2023-09-28T16:25:40.450Z", "dateUpdated": "2024-08-02T20:07:32.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44352
Vulnerability from cvelistv5
Published
2023-11-17 13:31
Modified
2024-10-29 16:06
Severity ?
EPSS score ?
Summary
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | ColdFusion |
Version: 0 ≤ 2021.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:07:33.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-44352", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T18:55:37.546184Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-29T16:06:40.067Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "2021.11", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim\u0027s browser." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 6.1, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "LOW", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6.1, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site Scripting (Reflected XSS) (CWE-79)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T13:31:31.903Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44352", "datePublished": "2023-11-17T13:31:31.903Z", "dateReserved": "2023-09-28T16:25:40.451Z", "dateUpdated": "2024-10-29T16:06:40.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47050
Vulnerability from cvelistv5
Published
2023-11-16 15:39
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/audition/apsb23-64.html | vendor-advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "23.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T16:06:38.747Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21686: Adobe Audition M4A File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-47050", "datePublished": "2023-11-16T15:39:34.600Z", "dateReserved": "2023-10-30T16:23:27.885Z", "dateUpdated": "2024-08-02T21:01:22.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-44324
Vulnerability from cvelistv5
Published
2023-11-17 12:27
Modified
2024-11-25 21:01
Severity ?
EPSS score ?
Summary
Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction.
References
▼ | URL | Tags |
---|---|---|
https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb23-58.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Adobe | Adobe Framemaker Publishing Server |
Version: 0 ≤ v2022 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:59:52.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb23-58.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-44324", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-02-06T19:32:50.067286Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-25T21:01:04.178Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Adobe Framemaker Publishing Server", "vendor": "Adobe", "versions": [ { "lessThanOrEqual": "v2022", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2023-11-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin\u0027s password. Exploitation of this issue does not require user interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.8, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.8, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "Improper Authentication (CWE-287)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T16:38:35.947Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb23-58.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "ZDI-CAN-21344: Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2023-44324", "datePublished": "2023-11-17T12:27:08.996Z", "dateReserved": "2023-09-28T16:25:40.448Z", "dateUpdated": "2024-11-25T21:01:04.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.