CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8422 – Schneider Electric Zelio Soft 2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8422
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Zelio Soft 2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-06.pdf • CWE-416: Use After Free •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-47553
https://notcve.org/view.php?id=CVE-2024-47553
The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS. • https://cert-portal.siemens.com/productcert/html/ssa-430425.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-34669
https://notcve.org/view.php?id=CVE-2024-34669
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-34668
https://notcve.org/view.php?id=CVE-2024-34668
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-34667
https://notcve.org/view.php?id=CVE-2024-34667
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •