CVE-2024-20782 – Adobe Indesign WMF File Parsing Out Of Bound Write
https://notcve.org/view.php?id=CVE-2024-20782
InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-48.html • CWE-787: Out-of-bounds Write •
CVE-2024-34123 – Adobe Premiere Pro arbitrary DLL loading lead to remote code execution
https://notcve.org/view.php?id=CVE-2024-34123
Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. • https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html • CWE-426: Untrusted Search Path •
CVE-2024-5974 – Firebox Authenticated Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-5974
A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. Un desbordamiento del búfer en WatchGuard Fireware OS podría permitir que un atacante remoto autenticado con acceso de administración privilegiado ejecute código arbitrario con privilegios del sistema en el firewall. Este problema afecta al sistema operativo Fireware: desde 11.9.6 hasta 12.10.3. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00011 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-39071
https://notcve.org/view.php?id=CVE-2024-39071
Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. Fujian Kelixun <=7.6.6.4391 es vulnerable a la inyección SQL en send_event.php. • https://gist.github.com/Y5neKO/561a038dab8584c1448aad3013b9c2c7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-40726
https://notcve.org/view.php?id=CVE-2024-40726
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. Una vulnerabilidad de Cross Site Scripting (XSS) en netbox v4.0.3 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro Name en /dcim/power-ports/{id}/edit/. • https://github.com/minhquan202/Vuln-Netbox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •