CVE-2023-40082
In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents...
The vulnerability of the Adobe Bridge file manager relates to the use of an uninitialized pointer, which allows an attacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Bridge file manager is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism...
The vulnerability of the Adobe Photoshop graphic editor, related to reading beyond the buffer in memory, allows a hacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Photoshop graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism...
The vulnerability of the Adobe Bridge file manager relates to the use of an uninitialized pointer, which allows an attacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Bridge file manager is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism...
The vulnerability of the Adobe Photoshop graphic editor, related to reading beyond the buffer in memory, allows a hacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Photoshop graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism...
The vulnerability of the Adobe Photoshop graphic editor, related to reading beyond the buffer in memory, allows a hacker to bypass the ASLR protection mechanism.
The vulnerability of the Adobe Photoshop graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism...
LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...
CVE-2023-47044
Adobe Media Encoder version 24.0.2 and earlier and 23.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
CVE-2023-44360
Adobe Acrobat Reader versions 23.006.20360 and earlier and 20.005.30524 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
CVE-2023-44358
Adobe Acrobat Reader versions 23.006.20360 and earlier and 20.005.30524 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
CVE-2023-44348
Adobe Acrobat Reader versions 23.006.20360 and earlier and 20.005.30524 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
CVE-2023-44340
Adobe Acrobat Reader versions 23.006.20360 and earlier and 20.005.30524 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
PT-2023-7145 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 24.7.1 and earlier; Adobe Photoshop versions 25.0 and earlier. Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this...
PT-2023-7141 · Adobe · Bridge
Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 13.0.4 and earlier; Adobe Bridge versions 14.0.0 and earlier. Description: The issue is related to the use of an uninitialized pointer in Adobe Bridge, which could lead to the disclosure of sensitive memory. An attacker...
PT-2023-7372 · Adobe · Premiere Pro
Name of the Vulnerable Software and Affected Versions: Adobe Premiere Pro versions 24.0 and earlier; Adobe Premiere Pro versions 23.6 and earlier. Description: The issue is related to an Access of Uninitialized Pointer, which could lead to disclosure of sensitive memory. An attacker could leverage...
USN-6462-2: Linux kernel (IoT) vulnerabilities
Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597) Yu Hao and Weite...
Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions are used for the per-cpu entry area mapping to the user space
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...
The vulnerability in Adobe Dimension’s 3D design software relates to reading beyond the buffer in memory, allowing an attacker to bypass the ASLR protection mechanism.
The vulnerability of Adobe Dimension’s 3D design software relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism...