CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25298
https://notcve.org/view.php?id=CVE-2024-25298
17 Feb 2024 — An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. Se descubrió un problema en REDAXO versión 5.15.1, que permite a los atacantes ejecutar código arbitrario y obtener información confidencial a través de module.modules.php. • https://github.com/CpyRe/I-Find-CVE-2024/blob/main/REDAXO%20RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21165
https://notcve.org/view.php?id=CVE-2023-21165
16 Feb 2024 — In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. • https://source.android.com/security/bulletin/2024-01-01 • CWE-416: Use After Free •
CVSS: 8.3EPSS: 1%CPEs: 2EXPL: 0CVE-2024-25415
https://notcve.org/view.php?id=CVE-2024-25415
16 Feb 2024 — A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. Una vulnerabilidad de ejecución remota de código (RCE) en /admin/define_language.php de CE Phoenix v1.0.8.20 permite a atacantes ejecutar código PHP de su elección inyectando un payload manipulado en el archivo english.php. • https://github.com/capture0x/Phoenix • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2024-20720 – Command injection in data collector backup due to insufficient patching of CVE-2023-38208
https://notcve.org/view.php?id=CVE-2024-20720
15 Feb 2024 — Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. • https://helpx.adobe.com/security/products/magento/apsb24-03.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20726 – [TianfuCup] JP2K Image Parsing Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-20726
15 Feb 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20730 – TALOS-2023-1906 - Adobe Acrobat Reader Font CPAL integer overflow vulnerability
https://notcve.org/view.php?id=CVE-2024-20730
15 Feb 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20731 – TALOS-2023-1901 - Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2024-20731
15 Feb 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20727 – [TianfuCup] out-of-bounds access vulnerability when parsing jpeg2000
https://notcve.org/view.php?id=CVE-2024-20727
15 Feb 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20729 – TALOS-2023-1890 - Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2024-20729
15 Feb 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20744 – Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-20744
15 Feb 2024 — Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html • CWE-787: Out-of-bounds Write •