CVE-2023-38245

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.

Related Vulnerabilities

CVE-2008-3893

MEDIUM
CVSS:5.5(Medium)

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sens...

CWE-2002008

CVE-2010-2538

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

CWE-2002010

CVE-2010-3078

MEDIUM
CVSS:5.5(Medium)

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sen...

CWE-2002010

CVE-2011-2898

MEDIUM
CVSS:5.5(Medium)

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows loc...

CWE-2002011

CVE-2011-4915

MEDIUM
CVSS:5.5(Medium)

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

CWE-2002011

CVE-2011-4916

MEDIUM
CVSS:5.5(Medium)

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

CWE-2002011