CVE-2023-28391
Published 2023-11-14
Priority P354 | critical | CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.47% (70.6th percentile)
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silabs | gecko_software_development_kit | — | — |
| silicon_labs | gecko_platform | — | — |
| weston-embedded | cesium_net | — | — |
| weston-embedded | uc-http | — | — |
| weston_embedded | cesium_net | — | — |
| weston_embedded | uc-http | — | — |
No detection rules found.
No public exploits indexed.
Talos
Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
blogs_talos·2023-11-22·CVSS 7.8
Cisco Talos’ Vulnerability Research team recently worked with Adobe and Microsoft to patch multiple vulnerabilities in the Acrobat and Excel software, respectively, that could lead to arbitrary code execution.
Talos also disclosed six vulnerabilities in the Weston Embedded µC-HTTP HTTP server implementation, some of which could also lead to code execution.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## Adobe Acrobat Reader use-after-free vulnerabilities
Discovered by Jaewon Min and Aleksandar Nikolic of Cisco Talos.
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discover