CVE-2024-45142 – Substance3D - Stager | Write-what-where Condition (CWE-123)
https://notcve.org/view.php?id=CVE-2024-45142
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html • CWE-123: Write-what-where Condition •
CVE-2024-9680 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-9680
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. ... An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. ... A remote code execution vulnerability was found in Firefox and Thunderbird. The Mozilla Foundation Security Advisories state: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. • https://github.com/tdonaworth/Firefox-CVE-2024-9680 https://bugzilla.mozilla.org/show_bug.cgi?id=1923344 https://www.mozilla.org/security/advisories/mfsa2024-51 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 https://www.mozilla.org/security/advisories/mfsa2024-52 https://access.redhat.com/security/cve/CVE-2024-9680 https://bugzilla.redhat.com/show_bug.cgi?id=2317442 • CWE-416: Use After Free •
CVE-2024-48027 – WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-48027
The External featured image from bing plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/external-featured-image-from-bing/wordpress-external-featured-image-from-bing-plugin-1-0-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-48035 – WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48035
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/acf-images-search-and-insert/wordpress-acf-images-search-and-insert-plugin-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-45746
https://notcve.org/view.php?id=CVE-2024-45746
This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). • https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html https://www.trustedfirmware.org/projects/tf-m • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •