
CVE-2024-7532 – Debian Security Advisory 5741-1
https://notcve.org/view.php?id=CVE-2024-7532
06 Aug 2024 — (Chromium security severity: Critical) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •

CVE-2024-42393 – Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
https://notcve.org/view.php?id=CVE-2024-42393
06 Aug 2024 — There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-7523 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-7523
06 Aug 2024 — Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1908344 •

CVE-2024-7528 – mozilla: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2024-7528
06 Aug 2024 — Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1895951 • CWE-416: Use After Free •

CVE-2024-5828 – EL Injection Vulnerability in Hitachi Tuning Manager
https://notcve.org/view.php?id=CVE-2024-5828
06 Aug 2024 — Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manager: before 8.8.7-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-140/index.html • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVE-2024-34344 – Remote code execution via the browser when running the test locally in nuxt
https://notcve.org/view.php?id=CVE-2024-34344
05 Aug 2024 — Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in remote code execution from the malicious web page. Since web p... • https://github.com/nuxt/nuxt/security/advisories/GHSA-v784-fjjh-f8r4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-22169 – Misconfiguration in node.js causing a code execution in WD Discovery
https://notcve.org/view.php?id=CVE-2024-22169
02 Aug 2024 — WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within the WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the v... • https://www.westerndigital.com/support/product-security/wdc-24004-wd-discovery-desktop-app-version-5-0-589 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-41127 – Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
https://notcve.org/view.php?id=CVE-2024-41127
02 Aug 2024 — Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. • https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2024-36268 – Apache InLong TubeMQ Client: Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36268
02 Aug 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. • https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-39392 – Adobe Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39392
02 Aug 2024 — InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-48.html • CWE-122: Heap-based Buffer Overflow •