CVE-2024-39387 – ZDI-CAN-24047: Adobe Bridge AVI FIle Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-39387
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Bridge. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://helpx.adobe.com/security/products/bridge/apsb24-59.html • CWE-125: Out-of-bounds Read •
CVE-2024-39426 – ZDI-CAN-24312: Adobe Acrobat Reader DC Annotation Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39426
An attacker could leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-125: Out-of-bounds Read •
CVE-2024-39422 – ZDI-CAN-24090: New Vulnerability Report - Use-after-free remote code execution vulnerability in Adobe Acrobat Reader DC
https://notcve.org/view.php?id=CVE-2024-39422
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-416: Use After Free •
CVE-2024-38163 – Windows Update Stack Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38163
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the WinREUpdateInstaller_2401B_amd64 installer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163 • CWE-284: Improper Access Control •
CVE-2024-41623
https://notcve.org/view.php?id=CVE-2024-41623
An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload • http://d3d.com https://github.com/Anonymous120386/Anonymous • CWE-94: Improper Control of Generation of Code ('Code Injection') •