Skip to main content
CVE-2024-39426 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2024-39424 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2024-39423 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2024-39422 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2024-39394 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Indesign
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39393 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Indesign
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39391 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Indesign
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39390 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Indesign
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39389 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-39388 HIGH This Week

Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-39386 HIGH This Week

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-39383 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2024-34133 HIGH This Week

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-34124 HIGH This Week

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-34117 HIGH This Week

Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20789 HIGH This Week

Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-41864 HIGH This Week

Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41858 HIGH This Week

InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38163 HIGH This Week

Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-27120 HIGH This Week

A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Comfortkey
NVD
CVSS 4.0
7.7
EPSS
0.5%
CVE-2024-39399 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Adobe Commerce Magento
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2024-39403 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Magento
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-28799 HIGH This Week

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-7729 HIGH This Week

The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-37399 HIGH This Week

A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
27.8%
CVE-2024-36136 HIGH This Week

An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-39398 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Adobe Commerce Magento
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-7728 HIGH This Week

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-37373 HIGH This Week

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-28947 HIGH This Week

Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Server Board S2600St Firmware
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-21787 HIGH This Week

Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-5914 HIGH This Week

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Command Injection Cortex Xsoar Commonscripts
NVD
CVSS 4.0
7.0
EPSS
1.2%
CVE-2024-39425 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-39420 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU). Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
7.0
EPSS
3.5%
CVE-2024-24983 HIGH This Week

Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
7.0
EPSS
0.4%
CVE-2024-23499 HIGH This Week

Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Linux Ethernet 800 Series Controllers Driver
NVD
CVSS 4.0
7.0
EPSS
0.5%
CVE-2024-24580 MEDIUM This Month

Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Data Center Gpu Max 1100 Firmware Data Center Gpu Max 1550 Firmware
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-22374 MEDIUM This Month

Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-21806 MEDIUM This Month

Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Linux
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-39406 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Adobe Commerce Magento
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-42441 MEDIUM This Month

Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-42440 MEDIUM This Month

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-38483 MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Latitude 5290 2 In 1 Firmware Precision 3420 Tower Firmware Precision 3620 Firmware +38
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-43368 MEDIUM PATCH This Month

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-37529 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-35152 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35136 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Nosql Injection Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31882 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Nosql Injection Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-42439 MEDIUM This Month

Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Workplace Desktop
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-42438 MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.6%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy