CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20715 – Adobe Substance 3D Stager v2.1.1 Vulnerability VIII
https://notcve.org/view.php?id=CVE-2024-20715
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2.1.3 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20710 – Adobe Substance 3D Stager v2.1.1 Vulnerability I
https://notcve.org/view.php?id=CVE-2024-20710
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 2.1.3 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48618 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2022-48618
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. El problema se solucionó con controles mejorados. • https://support.apple.com/en-us/HT213530 https://support.apple.com/en-us/HT213532 https://support.apple.com/en-us/HT213535 https://support.apple.com/en-us/HT213536 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-29485
https://notcve.org/view.php?id=CVE-2023-29485
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. Se descubrió un problema en las versiones 3.4.2 y anteriores del agente Heimdal Thor en Windows y 2.6.9 y anteriores en macOS, que permite a los atacantes omitir el filtrado de red, ejecutar código arbitrario y obtener información confidencial a través del módulo de prevención de amenazas DarkLayer Guard. • https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-2023-29487
https://notcve.org/view.php?id=CVE-2023-29487
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. Se descubrió un problema en las versiones 3.4.2 y anteriores del agente Heimdal Thor en Windows y 2.6.9 y anteriores en macOS, que permite a los atacantes provocar una denegación de servicio (DoS) a través del módulo de prevención de amenazas Threat To Process Correlation. • https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 • CWE-1333: Inefficient Regular Expression Complexity •