CVE-2024-3568 – Arbitrary Code Execution via Deserialization in huggingface/transformers
https://notcve.org/view.php?id=CVE-2024-3568
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel` class. • https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125 https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f • CWE-502: Deserialization of Untrusted Data
CVE-2024-20772 – Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow
https://notcve.org/view.php?id=CVE-2024-20772
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html • CWE-121: Stack-based Buffer Overflow
CVE-2024-20758 – [Adobe Cloud] RCE through frontend gift registry sharing
https://notcve.org/view.php?id=CVE-2024-20758
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-20: Improper Input Validation
CVE-2024-29500
https://notcve.org/view.php?id=CVE-2024-29500
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. • https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-27476
https://notcve.org/view.php?id=CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. • https://github.com/dead1nfluence/Leantime-POC https://drive.proton.me/urls/X9G9MY1FAW#NLS8RkHUihLY https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20 https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection')