CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30301 – ZDI-CAN-23042: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30301
02 May 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30303 – ZDI-CAN-23044: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30303
02 May 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30305 – ZDI-CAN-23043: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30305
02 May 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30304 – ZDI-CAN-23040: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30304
02 May 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28798 – Out-of-bounds write to heap in pacparser
https://notcve.org/view.php?id=CVE-2023-28798
02 May 2024 — An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3955 – Arbitrary code execution in CraftBeerPi 4
https://notcve.org/view.php?id=CVE-2024-3955
02 May 2024 — URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4: from 4.0.0.58 (commit 563fae9) before 4.4.1.a1 (commit 57572c7). El parámetro GET de URL "logtime" utilizado dentro de la función "downloadlog" de "cbpi/http_endpoints/http_system.py" se pasa posteriormente a la ... • https://cert.pl/en/posts/2024/05/CVE-2024-3955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29309
https://notcve.org/view.php?id=CVE-2024-29309
02 May 2024 — An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. Un problema en Alfresco Content Services v.23.3.0.7 permite a un atacante remoto ejecutar código arbitrario a través del Servicio de Transferencia. • https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2024-33394
https://notcve.org/view.php?id=CVE-2024-33394
02 May 2024 — An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. Un problema en kubevirt kubevirt v1.2.0 y anteriores permite a un atacante local ejecutar código arbitrario mediante un comando manipulado para obtener el componente token. • https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23480 – Insecure MacOS code sign check fallback
https://notcve.org/view.php?id=CVE-2024-23480
01 May 2024 — A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos&applicable_version=4.2 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28893
https://notcve.org/view.php?id=CVE-2024-28893
01 May 2024 — Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. • https://support.hp.com/us-en/document/ish_10502451-10502508-16/hpsbhf03931 •