CVE-2024-30272 – Adobe Illustrator 2024 GIF file parsing Out-Of-Bound Write remote code execution vulnerabiity
https://notcve.org/view.php?id=CVE-2024-30272
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-787: Out-of-bounds Write •
CVE-2024-30273 – Adobe Illustrator 2024 PS file Parsing Stack based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30273
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-121: Stack-based Buffer Overflow •
CVE-2024-20795 – Animate has an arbitrary code execution vulnerability when parsing svg files
https://notcve.org/view.php?id=CVE-2024-20795
Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-26.html • CWE-190: Integer Overflow or Wraparound •
CVE-2024-21508
https://notcve.org/view.php?id=CVE-2024-21508
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. Las versiones del paquete mysql2 anteriores a la 3.9.4 son vulnerables a la ejecución remota de código (RCE) a través de la función readCodeFor debido a una validación incorrecta de los valores supportBigNumbers y bigNumberStrings. • https://blog.slonser.info/posts/mysql2-attacker-configuration https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21 https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805 https://github.com/sidorares/node-mysql2/pull/2572 https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4 https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-25376
https://notcve.org/view.php?id=CVE-2024-25376
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. Un problema descubierto en los instaladores basados en MSI de Thesycon Software Solutions Gmbh & Co. KG TUSBAudio anteriores a 5.68.0 permite a un atacante local ejecutar código arbitrario a través del modo de reparación msiexec.exe. • https://github.com/ewilded/CVE-2024-25376-POC https://www.thesycon.de/eng/usb_audiodriver.shtml#SecurityAdvisory • CWE-94: Improper Control of Generation of Code ('Code Injection') •