451 matches found
CVE-2024-53006
Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...
CVE-2024-49546
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...
PT-2024-9872 · Adobe · Media Encoder
Name of the Vulnerable Software and Affected Versions: Media Encoder versions 25.0, 24.6.3 and earlier Description: The issue is related to a NULL Pointer Dereference error. Exploitation of this issue could allow an attacker to cause a denial-of-service by crashing the application, which requires...
DEBIAN-CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-49511
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...
Exploit for Cross-site Scripting in Sygnoos Popup_Builder
General Details - CVE-ID : CVE-2023-6000 - CVSS Score...
CVE-2024-45140
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2024-32645 · Scout · Scout
Name of the Vulnerable Software and Affected Versions: Scout versions prior to 4.89 Description: The issue arises from the lack of sanitization in filenames, allowing bypass of intended file extensions. This enables the download of malicious files with any extension. If users unknowingly download...
CVE-2024-43759
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service DoS. An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires...
CVE-2024-34121
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-34121
Adobe Illustrator is affected by CVE-2024-34121 (Integer Overflow/Wraparound) in versions 28.6, 27.9.5 and earlier. The vulnerability could allow arbitrary code execution in the current user context and requires the user to open a malicious file. Updates per APSB24-66 mitigate this issue by movin...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2394)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : kernel:ACPI: CPPC: Use accesswidth over bitwidth for system memory accessesCVE-2024-35995 ACPI: LPIT: Avoid u32 multiplication...
emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...
CVE-2024-39422
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...
The vulnerability of the Mozilla Firefox browser for Android, related to deficiencies in access control, allows attackers to bypass security restrictions and compromise the integrity of protected information.
The vulnerability of the Mozilla Firefox browser for Android is related to deficiencies in access control, resulting from incorrect processing of the Principal object when opening new tabs. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and compromise the...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
CVE-2024-28964
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issu...
CVE-2024-28964
CVE-2024-28964 - Dell Common Event Enabler : Affects version 8.9.10.0 and earlier of the Dell Common Event Enabler, due to an insecure deserialization vulnerability in CAVATools . This enables a local attacker to achieve arbitrary code execution in the context of the logged-in user, with exploita...
RHEL 7 : libxfont (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXfont: Insufficient input validation in pcfread.c CVE-2017-13722 - In the PatternMatch function in...