CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39404 – A user without Shop Policy Parameters section privilege can alter the shop policy parameters section
https://notcve.org/view.php?id=CVE-2024-39404
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb24-61.html • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39415 – An unauthorized user can export the Tax Sales Report
https://notcve.org/view.php?id=CVE-2024-39415
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb24-61.html • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39405 – Adobe Commerce | Improper Authorization (CWE-285)
https://notcve.org/view.php?id=CVE-2024-39405
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb24-61.html • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41864 – Adobe Substance 3D Designer ICO Parsing Out-Of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-41864
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41862 – Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability II, when parsing PSD file
https://notcve.org/view.php?id=CVE-2024-41862
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html • CWE-125: Out-of-bounds Read •