CVE-2024-20789 – ZDI-CAN-24030: Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20789
Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/dimension/apsb24-47.html • CWE-416: Use After Free •
CVE-2024-34124 – ZDI-CAN-24031: Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34124
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/dimension/apsb24-47.html • CWE-787: Out-of-bounds Write •
CVE-2024-41840 – ZDI-CAN-24607: Adobe Bridge JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-41840
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/bridge/apsb24-59.html • CWE-787: Out-of-bounds Write •
CVE-2024-39386 – ZDI-CAN-24057: Adobe Bridge AVI FIle Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39386
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/bridge/apsb24-59.html • CWE-787: Out-of-bounds Write •
CVE-2024-7094 – JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-7094
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. ... This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. ... This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. • https://github.com/nastar-id/CVE-2024-7094 https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/css/style.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/formhandler.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/controller.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/model.php https://plugins.trac.wordpress.org/browser/js-s • CWE-94: Improper Control of Generation of Code ('Code Injection') •