CVE-2024-39389 – Adobe InDesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39389
14 Aug 2024 — InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-56.html • CWE-121: Stack-based Buffer Overflow •
CVE-2024-39394 – Adobe InDesign 2024 PDF File Parsing Out Of Bound Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39394
14 Aug 2024 — InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-56.html • CWE-787: Out-of-bounds Write •
CVE-2024-42259 – drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
https://notcve.org/view.php?id=CVE-2024-42259
14 Aug 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://packetstorm.news/files/id/181725 •
CVE-2024-20082
https://notcve.org/view.php?id=CVE-2024-20082
14 Aug 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/August-2024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-37373 – Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37373
14 Aug 2024 — Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373 • CWE-20: Improper Input Validation •
CVE-2024-28986 – SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2024-28986
13 Aug 2024 — SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. ... • https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-4389 – Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-4389
13 Aug 2024 — This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/depicter/trunk/app/src/WordPress/FileUploaderService.php#L28 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6079 – DLL Hijacking Vulnerability Exists in Rockwell Automation Emulate3D™
https://notcve.org/view.php?id=CVE-2024-6079
13 Aug 2024 — A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. ... If exploited, a malicious user could leverage a malicious dll and perform a remote code execution attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201683.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2024-38120 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38120
13 Aug 2024 — Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38120 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-38195 – Azure CycleCloud Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38195
13 Aug 2024 — Azure CycleCloud Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38195 • CWE-284: Improper Access Control •