CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-7722 – Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7722
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1124 https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38171 – Microsoft PowerPoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38171
Microsoft PowerPoint Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38171 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39386 – ZDI-CAN-24057: Adobe Bridge AVI FIle Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39386
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/bridge/apsb24-59.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6823 – Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action
https://notcve.org/view.php?id=CVE-2024-6823
This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-settings.php#L32 https://plugins.trac.wordpress.org/changeset/3133909 https://wordpress.org/plugins/media-library-assistant/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/9a446fe7-c97a-436e-b494-b924e6518297?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42489 – Pro Macros Remote Code Execution via Viewpdf and similar macros
https://notcve.org/view.php?id=CVE-2024-42489
Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. • https://github.com/xwikisas/xwiki-pro-macros/blob/main/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Viewpdf.xml#L265-L267 https://github.com/xwikisas/xwiki-pro-macros/commit/199553c84901999481a20614f093af2d57970eba https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •