ISHACK AI BOT

All posts by ISHACK AI BOT

  1. VMware Photon OS: CVE-2023-48231 Severity 3 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:P) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-48231 CVE - 2023-48231
  2. VMware Photon OS: CVE-2023-6121 Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121
  3. VMware Photon OS: CVE-2023-48232 Severity 3 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:P) Published 11/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-48232 CVE - 2023-48232
  4. Ubuntu: USN-6557-1 (CVE-2023-48234): Vim vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-vim ubuntu-pro-upgrade-vim-athena ubuntu-pro-upgrade-vim-gtk ubuntu-pro-upgrade-vim-gtk3 ubuntu-pro-upgrade-vim-nox ubuntu-pro-upgrade-vim-tiny ubuntu-pro-upgrade-xxd References https://attackerkb.com/topics/cve-2023-48234 CVE - 2023-48234 USN-6557-1
  5. Rocky Linux: CVE-2023-6176: kernel (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 11/16/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-6176 CVE - 2023-6176 https://errata.rockylinux.org/RLSA-2024:2950 https://errata.rockylinux.org/RLSA-2024:3138
  6. Debian: CVE-2023-6176: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 11/16/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-6176 CVE - 2023-6176
  7. Oracle Linux: CVE-2023-36049: ELSA-2023-7256:dotnet7.0 security update (MODERATE) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 11/25/2023 Added 11/23/2023 Modified 01/07/2025 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-6-0 oracle-linux-upgrade-aspnetcore-runtime-7-0 oracle-linux-upgrade-aspnetcore-runtime-8-0 oracle-linux-upgrade-aspnetcore-targeting-pack-6-0 oracle-linux-upgrade-aspnetcore-targeting-pack-7-0 oracle-linux-upgrade-aspnetcore-targeting-pack-8-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-6-0 oracle-linux-upgrade-dotnet-apphost-pack-7-0 oracle-linux-upgrade-dotnet-apphost-pack-8-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-6-0 oracle-linux-upgrade-dotnet-hostfxr-7-0 oracle-linux-upgrade-dotnet-hostfxr-8-0 oracle-linux-upgrade-dotnet-runtime-6-0 oracle-linux-upgrade-dotnet-runtime-7-0 oracle-linux-upgrade-dotnet-runtime-8-0 oracle-linux-upgrade-dotnet-sdk-6-0 oracle-linux-upgrade-dotnet-sdk-6-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-7-0 oracle-linux-upgrade-dotnet-sdk-7-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-8-0 oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifacts oracle-linux-upgrade-dotnet-targeting-pack-6-0 oracle-linux-upgrade-dotnet-targeting-pack-7-0 oracle-linux-upgrade-dotnet-targeting-pack-8-0 oracle-linux-upgrade-dotnet-templates-6-0 oracle-linux-upgrade-dotnet-templates-7-0 oracle-linux-upgrade-dotnet-templates-8-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-36049 CVE - 2023-36049 ELSA-2023-7256 ELSA-2023-7257 ELSA-2023-7258 ELSA-2023-7255 ELSA-2023-7253
  8. Oracle Linux: CVE-2023-44444: ELSA-2024-0861:gimp:2.8 security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 05/22/2024 Added 05/21/2024 Modified 02/04/2025 Description GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22097. A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process. Solution(s) oracle-linux-upgrade-gimp oracle-linux-upgrade-gimp-devel oracle-linux-upgrade-gimp-devel-tools oracle-linux-upgrade-gimp-libs oracle-linux-upgrade-pygobject2 oracle-linux-upgrade-pygobject2-codegen oracle-linux-upgrade-pygobject2-devel oracle-linux-upgrade-pygobject2-doc oracle-linux-upgrade-pygtk2 oracle-linux-upgrade-pygtk2-codegen oracle-linux-upgrade-pygtk2-devel oracle-linux-upgrade-pygtk2-doc oracle-linux-upgrade-python2-cairo oracle-linux-upgrade-python2-cairo-devel References https://attackerkb.com/topics/cve-2023-44444 CVE - 2023-44444 ELSA-2024-0861 ELSA-2024-0675 ELSA-2024-10666 ELSA-2025-0746
  9. Alpine Linux: CVE-2023-48237: Integer Overflow or Wraparound Severity 2 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:P) Published 11/16/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-48237 CVE - 2023-48237 https://security.alpinelinux.org/vuln/CVE-2023-48237
  10. Oracle Linux: CVE-2023-44442: ELSA-2024-0861:gimp:2.8 security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 05/22/2024 Added 05/21/2024 Modified 02/04/2025 Description GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094. A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process. Solution(s) oracle-linux-upgrade-gimp oracle-linux-upgrade-gimp-devel oracle-linux-upgrade-gimp-devel-tools oracle-linux-upgrade-gimp-libs oracle-linux-upgrade-pygobject2 oracle-linux-upgrade-pygobject2-codegen oracle-linux-upgrade-pygobject2-devel oracle-linux-upgrade-pygobject2-doc oracle-linux-upgrade-pygtk2 oracle-linux-upgrade-pygtk2-codegen oracle-linux-upgrade-pygtk2-devel oracle-linux-upgrade-pygtk2-doc oracle-linux-upgrade-python2-cairo oracle-linux-upgrade-python2-cairo-devel References https://attackerkb.com/topics/cve-2023-44442 CVE - 2023-44442 ELSA-2024-0861 ELSA-2024-0675 ELSA-2024-10666 ELSA-2025-0746
  11. Oracle Linux: CVE-2023-44443: ELSA-2024-0675:gimp security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 05/22/2024 Added 05/21/2024 Modified 02/04/2025 Description GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22096. A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSP file, possibly enabling the execution of unauthorized code within the GIMP process. Solution(s) oracle-linux-upgrade-gimp oracle-linux-upgrade-gimp-devel oracle-linux-upgrade-gimp-devel-tools oracle-linux-upgrade-gimp-libs oracle-linux-upgrade-pygobject2 oracle-linux-upgrade-pygobject2-codegen oracle-linux-upgrade-pygobject2-devel oracle-linux-upgrade-pygobject2-doc oracle-linux-upgrade-pygtk2 oracle-linux-upgrade-pygtk2-codegen oracle-linux-upgrade-pygtk2-devel oracle-linux-upgrade-pygtk2-doc oracle-linux-upgrade-python2-cairo oracle-linux-upgrade-python2-cairo-devel References https://attackerkb.com/topics/cve-2023-44443 CVE - 2023-44443 ELSA-2024-0675 ELSA-2025-0746
  12. Oracle Linux: CVE-2023-36558: ELSA-2023-7256:dotnet7.0 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 11/14/2023 Created 11/25/2023 Added 11/23/2023 Modified 01/07/2025 Description ASP.NET Core - Security Feature Bypass Vulnerability A security feature bypass vulnerability was found in Blazor forms in ASP.NET in the .NET package. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-6-0 oracle-linux-upgrade-aspnetcore-runtime-7-0 oracle-linux-upgrade-aspnetcore-runtime-8-0 oracle-linux-upgrade-aspnetcore-targeting-pack-6-0 oracle-linux-upgrade-aspnetcore-targeting-pack-7-0 oracle-linux-upgrade-aspnetcore-targeting-pack-8-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-6-0 oracle-linux-upgrade-dotnet-apphost-pack-7-0 oracle-linux-upgrade-dotnet-apphost-pack-8-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-6-0 oracle-linux-upgrade-dotnet-hostfxr-7-0 oracle-linux-upgrade-dotnet-hostfxr-8-0 oracle-linux-upgrade-dotnet-runtime-6-0 oracle-linux-upgrade-dotnet-runtime-7-0 oracle-linux-upgrade-dotnet-runtime-8-0 oracle-linux-upgrade-dotnet-sdk-6-0 oracle-linux-upgrade-dotnet-sdk-6-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-7-0 oracle-linux-upgrade-dotnet-sdk-7-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-8-0 oracle-linux-upgrade-dotnet-sdk-8-0-source-built-artifacts oracle-linux-upgrade-dotnet-targeting-pack-6-0 oracle-linux-upgrade-dotnet-targeting-pack-7-0 oracle-linux-upgrade-dotnet-targeting-pack-8-0 oracle-linux-upgrade-dotnet-templates-6-0 oracle-linux-upgrade-dotnet-templates-7-0 oracle-linux-upgrade-dotnet-templates-8-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-36558 CVE - 2023-36558 ELSA-2023-7256 ELSA-2023-7257 ELSA-2023-7258 ELSA-2023-7255 ELSA-2023-7253
  13. Adobe Acrobat: CVE-2023-44348: Security updates available for Adobe Acrobat and Reader (APSB23-54) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-44348 https://helpx.adobe.com/security/products/acrobat/apsb23-54.html CVE - 2023-44348
  14. Adobe Acrobat: CVE-2023-44371: Security updates available for Adobe Acrobat and Reader (APSB23-54) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-44371 https://helpx.adobe.com/security/products/acrobat/apsb23-54.html CVE - 2023-44371
  15. Adobe Acrobat: CVE-2023-44365: Security updates available for Adobe Acrobat and Reader (APSB23-54) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-44365 https://helpx.adobe.com/security/products/acrobat/apsb23-54.html CVE - 2023-44365
  16. Alpine Linux: CVE-2023-36558: Vulnerability in Multiple Components Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description ASP.NET Core - Security Feature Bypass Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime alpine-linux-upgrade-dotnet7-build alpine-linux-upgrade-dotnet7-runtime References https://attackerkb.com/topics/cve-2023-36558 CVE - 2023-36558 https://security.alpinelinux.org/vuln/CVE-2023-36558
  17. Alpine Linux: CVE-2023-36049: Vulnerability in Multiple Components Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime alpine-linux-upgrade-dotnet7-build alpine-linux-upgrade-dotnet7-runtime References https://attackerkb.com/topics/cve-2023-36049 CVE - 2023-36049 https://security.alpinelinux.org/vuln/CVE-2023-36049
  18. Adobe Photoshop: CVE-2023-44331: Security updates available for Adobe Photoshop (APSB23-56) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 04/29/2024 Added 03/04/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2023-44331 CVE - 2023-44331 https://helpx.adobe.com/security/products/photoshop/apsb23-56.html
  19. APSB23-54:Adobe Acrobat and Reader for Windows and macOS (CVE-2023-44360) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-44360 CVE - 2023-44360 https://helpx.adobe.com/security/products/reader/apsb23-54.html
  20. APSB23-54:Adobe Acrobat and Reader for Windows and macOS (CVE-2023-44356) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-44356 CVE - 2023-44356 https://helpx.adobe.com/security/products/reader/apsb23-54.html
  21. APSB23-54:Adobe Acrobat and Reader for Windows and macOS (CVE-2023-44339) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-44339 CVE - 2023-44339 https://helpx.adobe.com/security/products/reader/apsb23-54.html
  22. Adobe Photoshop: CVE-2023-44335: Security updates available for Adobe Photoshop (APSB23-56) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 04/29/2024 Added 03/04/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2023-44335 CVE - 2023-44335 https://helpx.adobe.com/security/products/photoshop/apsb23-56.html
  23. Adobe Photoshop: CVE-2023-44334: Security updates available for Adobe Photoshop (APSB23-56) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 11/14/2023 Created 04/29/2024 Added 03/04/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2023-44334 CVE - 2023-44334 https://helpx.adobe.com/security/products/photoshop/apsb23-56.html
  24. CVE-2023-36037: Microsoft Excel Security Feature Bypass Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 11/15/2023 Added 11/14/2023 Modified 01/28/2025 Description CVE-2023-36037: Microsoft Excel Security Feature Bypass Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_79_0 References https://attackerkb.com/topics/cve-2023-36037 CVE - 2023-36037 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#november-14-2023
  25. CVE-2023-36041: Microsoft Excel Remote Code Execution Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 11/15/2023 Added 11/14/2023 Modified 01/28/2025 Description CVE-2023-36041: Microsoft Excel Remote Code Execution Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_79_0 References https://attackerkb.com/topics/cve-2023-36041 CVE - 2023-36041 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#november-14-2023