CVE-2024-39384 – Premiere Pro | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-39384
Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/premiere_pro/apsb24-58.html • CWE-787: Out-of-bounds Write •
CVE-2024-43760 – Photoshop Desktop | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-43760
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-72.html • CWE-787: Out-of-bounds Write •
CVE-2024-37288
https://notcve.org/view.php?id=CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. • https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-8268 – Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call
https://notcve.org/view.php?id=CVE-2024-8268
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. • https://plugins.trac.wordpress.org/browser/frontend-dashboard/tags/2.2.4/route/class-fed-request.php#L29 https://plugins.trac.wordpress.org/changeset/3147868/frontend-dashboard/tags/2.2.5/route/class-fed-request.php?old=3048034&old_path=frontend-dashboard%2Ftags%2F2.2.4%2Froute%2Fclass-fed-request.php https://www.wordfence.com/threat-intel/vulnerabilities/id/7d66694a-c99f-44f8-8004-1a47ad9f9250?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-8478 – Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8478
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/amazonsimpleadmin/trunk/AsaCore.php#L285 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3147740%40amazonsimpleadmin&new=3147740%40amazonsimpleadmin&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/7f50769c-77b8-42ff-b67d-b9b289fc51da?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •