5.5
CVE-2024-41861 - Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability I, when parsing PSD fβ¦
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victβ¦
5.5
CVE-2024-41860 - Adobe Substance 3D Sampler Memory Corruption Vulnerability I, when parsing PSD file
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victβ¦
5.5
CVE-2024-41863 - Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability III, when parsing DNGβ¦
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victβ¦
7.8
CVE-2024-41858 - Adobe InCopy has an integer overflow vulnerability when parsing SVG file
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
9.8
CVE-2024-7732 - SECOM Dr.ID Attendance system - Unrestricted File Upload
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
9.8
CVE-2024-7731 - SECOM Dr.ID Access control system - SQL injection
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
6.4
CVE-2024-7588 - Gutenberg Blocks, Page Builder β ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-β¦
The Gutenberg Blocks, Page Builder β ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possβ¦
7.5
CVE-2024-7729 - CAYIN Technology CMS - Sensitive File Download
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.
7.2
CVE-2024-7728 - CAYIN Technology CMS - OS Command Injection
The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.
9.8
CVE-2024-20083 -
In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.