CVSS: 6.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
This lack of restriction permits arbitrary format strings with multiple specifiers, potentially leading to data leakage from the stack and memory corruption. • https://github.com/swsmith2391/CVE-2024-29510 https://bugs.ghostscript.com/show_bug.cgi?id=707662 https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation https://www.openwall.com/lists/oss-security/2024/07/03/7 https://access.redhat.com/security/cve/CVE-2024-29510 https://bugzilla.redhat.com/show_bug.cgi?id=2293950 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-4322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4322
Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure. • https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20793 – Illustrator 2024 TIF file parsing Out Of Bound Read Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-20793
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/illustrator/apsb24-30.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4357 – XML External Entity Processing Information Disclosure
https://notcve.org/view.php?id=CVE-2024-4357
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. ... An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. • https://docs.telerik.com/report-server/knowledge-base/xxe-vulnerability-cve-2024-4357 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
This could lead to information disclosure and remote code execution. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •