CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30305 – ZDI-CAN-23043: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30305
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30304 – ZDI-CAN-23040: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30304
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28798 – Out-of-bounds write to heap in pacparser
https://notcve.org/view.php?id=CVE-2023-28798
An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-3955 – Arbitrary code execution in CraftBeerPi 4
https://notcve.org/view.php?id=CVE-2024-3955
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4: from 4.0.0.58 (commit 563fae9) before 4.4.1.a1 (commit 57572c7). El parámetro GET de URL "logtime" utilizado dentro de la función "downloadlog" de "cbpi/http_endpoints/http_system.py" se pasa posteriormente a la función "os.system" en "cbpi/controller/system_controller.py" sin validación previa que permita ejecutar código arbitrario. Este problema afecta a CraftBeerPi 4: desde 4.0.0.58 (commit 563fae9) antes de 4.4.1.a1 (commit 57572c7). • https://cert.pl/en/posts/2024/05/CVE-2024-3955 https://cert.pl/posts/2024/05/CVE-2024-3955 https://github.com/PiBrewing/craftbeerpi4/issues/132 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-29309
https://notcve.org/view.php?id=CVE-2024-29309
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. Un problema en Alfresco Content Services v.23.3.0.7 permite a un atacante remoto ejecutar código arbitrario a través del Servicio de Transferencia. • https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858 • CWE-94: Improper Control of Generation of Code ('Code Injection') •