CVE-2024-20772 – Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow
https://notcve.org/view.php?id=CVE-2024-20772
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html • CWE-121: Stack-based Buffer Overflow
CVE-2024-20758 – [Adobe Cloud] RCE through frontend gift registry sharing
https://notcve.org/view.php?id=CVE-2024-20758
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-20: Improper Input Validation
CVE-2024-29500
https://notcve.org/view.php?id=CVE-2024-29500
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. • https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-27476
https://notcve.org/view.php?id=CVE-2024-27476
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. • https://github.com/dead1nfluence/Leantime-POC https://drive.proton.me/urls/X9G9MY1FAW#NLS8RkHUihLY https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Tickets/Controllers/ShowTicket.php#L20 https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-26362
https://notcve.org/view.php?id=CVE-2024-26362
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. • https://packetstormsecurity.com/files/177075/Enpass-Desktop-Application-6.9.2-HTML-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection')