CVE-2024-34130 – Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration
https://notcve.org/view.php?id=CVE-2024-34130
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access confidential information. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html • CWE-863: Incorrect Authorization •
CVE-2024-34129 – Acrobat Android : OverSecured Finding : Overwriting arbitrary files via attacker-controlled output file paths
https://notcve.org/view.php?id=CVE-2024-34129
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are outside the restricted directory and also to overwrite arbitrary files. Exploitation of this issue does not require user interaction, and attack complexity is high. • https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-34112 – ColdFusion CFDOCUMENT file retrieval / access control bypass
https://notcve.org/view.php?id=CVE-2024-34112
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html • CWE-284: Improper Access Control •
CVE-2024-34113 – ColdFusion | Weak Cryptography for Passwords (CWE-261)
https://notcve.org/view.php?id=CVE-2024-34113
ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html • CWE-261: Weak Encoding for Password • CWE-326: Inadequate Encryption Strength •
CVE-2024-34116 – Adobe Creative Cloud App Install Arbitrary Folder Delete Vulnerability can be abuse to Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-34116
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction. • https://helpx.adobe.com/security/products/creative-cloud/apsb24-44.html • CWE-427: Uncontrolled Search Path Element •