CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2024-9758 – Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9758
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 3.3EPSS: %CPEs: -EXPL: 0CVE-2024-9760 – Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9760
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9732 – Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9732
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9748 – Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9748
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45316 – SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45316
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Secure Mobile Access service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •