CVE-2024-39011
https://notcve.org/view.php?id=CVE-2024-39011
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. • https://gist.github.com/mestrtee/693ef1c8b0a5ff1ae19f253381711f3e • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-41183 – Trend Micro VPN Proxy One Pro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-41183
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DEP Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVE-2024-39010
https://notcve.org/view.php?id=CVE-2024-39010
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/af7a746df91ab5e944bd7a186816c262 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-27826
https://notcve.org/view.php?id=CVE-2024-27826
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214118 https://support.apple.com/kb/HT214102 https://support.apple.com/kb/HT214104 https://support.apple.com/kb/HT214106 https://support.apple.com/kb/HT214101 http://seclists.org • CWE-269: Improper Privilege Management •
CVE-2024-27877 – Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27877
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214118 http://seclists.org/fulldisclosure/2024/Jul/20 http://seclists.org/fulldisclosure/2024/Jul/18 http://seclists.org/fulldisclosure/2024/Jul/19 •