5.3
CVE-2024-2730 - Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic
Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available
7.8
CVE-2024-31492 -
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
7.8
CVE-2024-20772 - Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
4.3
CVE-2024-31924 - WordPress EWWW Image Optimizer plugin <= 7.2.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer.This issue affects EWWW Image Optimizer: from n/a through <= 7.2.3.
5.5
CVE-2024-20766 - Adobe Indesign 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerabiity
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a β¦
5.5
CVE-2024-20770 - Adobe Photoshop 2024 TIF File parsing Out-Of-Bound Read
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in thatβ¦
9
CVE-2024-20758 - Adobe Commerce | Improper Input Validation (CWE-20)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexitβ¦
8.1
CVE-2024-20759 - Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victiβ¦
8.1
CVE-2023-2794 - Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decodβ¦
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check β¦
5.5
CVE-2024-20737 - Adobe After Effect 2024 RGB File parsing Memory Corruption Vulnerability
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vicβ¦