CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20753 – Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20753
Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.3, 25.7 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los límites al analizar un archivo manipulado, lo que podría resultar en una lectura más allá del final de una estructura de memoria asignada. Un atacante podría aprovechar esta vulnerabilidad para ejecutar código en el contexto del usuario actual. • https://helpx.adobe.com/security/products/photoshop/apsb24-27.html • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35265 – Windows Perception Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-35265
Windows Perception Service Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del servicio de percepción de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35265 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-30099 – Windows Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30099
Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30099 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-30097 – Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30097
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código de la interfaz de programación de aplicaciones de voz (SAPI) de Microsoft • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30097 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-30096 – Windows Cryptographic Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30096
Windows Cryptographic Services Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de servicios criptográficos de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •