CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20772 – Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow
https://notcve.org/view.php?id=CVE-2024-20772
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.2.1, 23.6.4 y anteriores de Media Encoder se ven afectadas por una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria que podría provocar la ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere la interacción del usuario, ya que la víctima debe abrir un archivo malicioso. • https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20766 – Adobe Indesign 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerabiity
https://notcve.org/view.php?id=CVE-2024-20766
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 18.5.1, 19.2 y anteriores de InDesign Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/indesign/apsb24-20.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20770 – Adobe Photoshop 2024 TIF File parsing Out-Of-Bound Read
https://notcve.org/view.php?id=CVE-2024-20770
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 24.7.2, 25.3.1 y anteriores de Photoshop Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/photoshop/apsb24-16.html • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20758 – [Adobe Cloud] RCE through frontend gift registry sharing
https://notcve.org/view.php?id=CVE-2024-20758
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar la ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema no requiere la interacción del usuario, pero la complejidad del ataque es alta. • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20759 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-20759
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact. Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podría ser aprovechada por un atacante con altos privilegios para inyectar scripts maliciosos en campos de formulario vulnerables. Se puede ejecutar JavaScript malicioso en el navegador de la víctima cuando navega a la página que contiene el campo vulnerable. • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •