NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVE-2024-46946
https://notcve.org/view.php?id=CVE-2024-46946
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. • https://cwe.mitre.org/data/definitions/95.html https://docs.sympy.org/latest/modules/codegen.html https://gist.github.com/12end/68c0c58d2564ef4141bccd4651480820#file-cve-2024-46946-txt https://github.com/langchain-ai/langchain/releases/tag/langchain-experimental%3D%3D0.3.0 •
CVE-2024-46986 – Arbitrary file write leading to RCE in Camaleon CMS
https://notcve.org/view.php?id=CVE-2024-46986
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). ... This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://codeql.github.com/codeql-query-help/ruby/rb-path-injection https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5 https://owasp.org/www-community/attacks/Path_Traversal https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-34026
https://notcve.org/view.php?id=CVE-2024-34026
A specially crafted EtherNet/IP request can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-45679
https://notcve.org/view.php?id=CVE-2024-45679
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. • https://github.com/assimp/assimp/releases/tag/v5.4.3 https://jvn.jp/en/jp/JVN42386607 • CWE-122: Heap-based Buffer Overflow •