CVE-2023-5935 – Missing authentication for local web interface in Arc before v1.6.0
https://notcve.org/view.php?id=CVE-2023-5935
This could also lead to arbitrary code execution if a malicious update package is installed. • https://security.nozominetworks.com/NN-2023:13-01 • CWE-306: Missing Authentication for Critical Function •
CVE-2024-35179 – Unprivileged Stalwart Mail Server user can read files as root
https://notcve.org/view.php?id=CVE-2024-35179
This issue affects admins who have set up Stalwart to run with `RUN_AS_USER`, who have handed out admin credentials to the mail server but expect these to grant access only according to the `RUN_AS_USER`, and who are attacked by attackers who managed to achieve arbitrary code execution using another vulnerability. • https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-5pfx-j27j-4c6h • CWE-271: Privilege Dropping / Lowering Errors •
CVE-2024-3319 – Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints
https://notcve.org/view.php?id=CVE-2024-3319
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host. • https://www.sailpoint.com/security-advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34100 – Use-After-Free vulnerability in the latest Adobe Acrobat Reader DC when opening a malicious PDF file
https://notcve.org/view.php?id=CVE-2024-34100
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-416: Use After Free •
CVE-2024-30284 – ZDI-CAN-23466: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30284
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-416: Use After Free •