CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-30300 – Tenable Vulnerability Disclosure | Sensitive Information Disclosure Via Fake FMPS Worker
https://notcve.org/view.php?id=CVE-2024-30300
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. An attacker could exploit this vulnerability to gain access to sensitive information which may include system or user privileges. Exploitation of this issue does not require user interaction. Las versiones 2020.3, 2022.2 y anteriores de Adobe Framemaker Publishing Server se ven afectadas por una vulnerabilidad de exposición de información (CWE-200) que podría provocar una escalada de privilegios. Un atacante podría aprovechar esta vulnerabilidad para obtener acceso a información confidencial que puede incluir privilegios del sistema o del usuario. • https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb24-38.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-30299 – Tenable Vulnerability Disclosure | API Auth Bypass
https://notcve.org/view.php?id=CVE-2024-30299
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. Las versiones 2020.3, 2022.2 y anteriores de Adobe Framemaker Publishing Server se ven afectadas por una vulnerabilidad de autenticación incorrecta que podría provocar una escalada de privilegios. Un atacante podría aprovechar esta vulnerabilidad para obtener acceso no autorizado o privilegios elevados dentro de la aplicación. • https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb24-38.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20753 – Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20753
Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.3, 25.7 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los límites al analizar un archivo manipulado, lo que podría resultar en una lectura más allá del final de una estructura de memoria asignada. Un atacante podría aprovechar esta vulnerabilidad para ejecutar código en el contexto del usuario actual. • https://helpx.adobe.com/security/products/photoshop/apsb24-27.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30278 – Adobe Media Encoder 2024 TGA File parsing memory corruption
https://notcve.org/view.php?id=CVE-2024-30278
Media Encoder versions 23.6.5, 24.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 23.6.5, 24.3 y anteriores de Media Encoder se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/media-encoder/apsb24-34.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 71EXPL: 0CVE-2024-34106 – Insecure Direct Object Reference - An attacker can able to erase the victim quote details
https://notcve.org/view.php?id=CVE-2024-34106
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction. Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorización incorrecta que podría provocar la omisión de una característica de seguridad. Un atacante podría aprovechar esta vulnerabilidad para obtener acceso no autorizado o realizar acciones con los privilegios de otro usuario. • https://helpx.adobe.com/security/products/magento/apsb24-40.html • CWE-863: Incorrect Authorization •