CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39396 – Adobe Indesign 2024 PCX File Parsing Out Of Bound Read
https://notcve.org/view.php?id=CVE-2024-39396
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones ID18.5.2, ID19.3 y anteriores de InDesign Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/indesign/apsb24-48.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39379 – Acrobat for Edge | Out-of-bounds Read (CWE-125)
https://notcve.org/view.php?id=CVE-2024-39379
Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41836 – Adobe Indesign 2024 GIF File Parsing Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2024-41836
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones ID18.5.2, ID19.3 y anteriores de InDesign Desktop se ven afectadas por una vulnerabilidad de desreferencia de puntero nulo que podría provocar una denegación de servicio (DoS) de la aplicación. Un atacante podría aprovechar esta vulnerabilidad para bloquear la aplicación, lo que provocaría una condición de denegación de servicio. • https://helpx.adobe.com/security/products/indesign/apsb24-48.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41839 – Adobe Experience Manager | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2024-41839
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar una omisión de la función de seguridad. Un atacante con pocos privilegios podría aprovechar esta vulnerabilidad para omitir las medidas de seguridad y afectar la integridad de la página. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34128 – Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-34128
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Las versiones 6.5.20 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de Cross Site Scripting (XSS) almacenado que podría ser aprovechada por un atacante con pocos privilegios para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la víctima cuando navega a la página que contiene el campo vulnerable. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •