CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34094 – ZDI-CAN-23474: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34094
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30310 – ZDI-CAN-23327: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30310
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-29.html • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34761 – Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-34761
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10. The Advanced Custom Fields Pro plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 6.2.9. • https://patchstack.com/database/vulnerability/advanced-custom-fields-pro/wordpress-advanced-custom-fields-pro-plugin-6-2-10-contributor-arbitrary-function-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-32465 – Git's protections for cloning untrusted repositories can be bypassed
https://notcve.org/view.php?id=CVE-2024-32465
If the victim were to clone this repository, it could result in arbitrary code execution. • http://www.openwall.com/lists/oss-security/2024/05/14/2 https://git-scm.com/docs/git#_security https://git-scm.com/docs/git-clone https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR https://access.redhat.com/security&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-32352
https://notcve.org/view.php?id=CVE-2024-32352
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. Se descubrió que TOTOLINK X5000R V9.1.0cu.2350_B20230313 contiene una vulnerabilidad de ejecución remota de comandos (RCE) autenticada a través del parámetro "ipsecL2tpEnable" en el binario "cstecgi.cgi". • https://github.com/1s1and123/Vulnerabilities/blob/main/device/ToToLink/X5000R/TOTOLink_X5000R_RCE.md https://www.totolink.net • CWE-94: Improper Control of Generation of Code ('Code Injection') •