CVE-2024-30081 – Windows NTLM Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-30081
Windows NTLM Spoofing Vulnerability Vulnerabilidad de suplantación de Windows NTLM • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30081 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-28899 – Secure Boot Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-28899
Secure Boot Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad de arranque seguro • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28899 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-36991 – Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
https://notcve.org/view.php?id=CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. En las versiones de Splunk Enterprise en Windows inferiores a 9.2.2, 9.1.5 y 9.0.10, un atacante podría realizar un path traversal en el endpoint /modules/messaging/ en Splunk Enterprise en Windows. Esta vulnerabilidad solo debería afectar a Splunk Enterprise en Windows. • https://github.com/bigb0x/CVE-2024-36991 https://github.com/Mr-xn/CVE-2024-36991 https://github.com/th3gokul/CVE-2024-36991 https://github.com/Cappricio-Securities/CVE-2024-36991 https://github.com/sardine-web/CVE-2024-36991 https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVE-2024-20753 – Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20753
Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.3, 25.7 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los límites al analizar un archivo manipulado, lo que podría resultar en una lectura más allá del final de una estructura de memoria asignada. Un atacante podría aprovechar esta vulnerabilidad para ejecutar código en el contexto del usuario actual. • https://helpx.adobe.com/security/products/photoshop/apsb24-27.html • CWE-125: Out-of-bounds Read •
CVE-2024-35265 – Windows Perception Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-35265
Windows Perception Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de percepción de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35265 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •