CVE-2024-30273 – Adobe Illustrator 2024 PS file Parsing Stack based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30273
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb24-25.html • CWE-121: Stack-based Buffer Overflow •
CVE-2024-20795 – Animate has an arbitrary code execution vulnerability when parsing svg files
https://notcve.org/view.php?id=CVE-2024-20795
Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-26.html • CWE-190: Integer Overflow or Wraparound •
CVE-2024-21508
https://notcve.org/view.php?id=CVE-2024-21508
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. • https://blog.slonser.info/posts/mysql2-attacker-configuration https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21 https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805 https://github.com/sidorares/node-mysql2/pull/2572 https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4 https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-25376
https://notcve.org/view.php?id=CVE-2024-25376
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. • https://github.com/ewilded/CVE-2024-25376-POC https://www.thesycon.de/eng/usb_audiodriver.shtml#SecurityAdvisory • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-30878
https://notcve.org/view.php?id=CVE-2024-30878
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. • https://github.com/jianyan74/rageframe2/issues/111 • CWE-94: Improper Control of Generation of Code ('Code Injection') •