CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39394 – Adobe Indesign 2024 PDF File Parsing Out Of Bound Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39394
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/indesign/apsb24-56.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20082
https://notcve.org/view.php?id=CVE-2024-20082
This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/August-2024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37373
https://notcve.org/view.php?id=CVE-2024-37373
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: -EXPL: 0CVE-2024-28986 – SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2024-28986
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. ... SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. ... SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. • https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28986 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4389 – Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-4389
This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/WordPress/FileUploaderService.php#L28 https://plugins.trac.wordpress.org/changeset/3108589/depicter/trunk/app/src/WordPress/FileUploaderService.php https://www.wordfence.com/threat-intel/vulnerabilities/id/81f025da-c28c-4a80-8b4f-27dae07b2b04?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •