CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8590 – Autodesk AutoCAD 3DM File Parsing Use-After-Free Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8590
29 Oct 2024 — A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8589 – Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-8589
29 Oct 2024 — A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8588 – Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-8588
29 Oct 2024 — A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-8587 – Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8587
29 Oct 2024 — A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019 • CWE-122: Heap-based Buffer Overflow •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-8396
https://notcve.org/view.php?id=CVE-2024-8396
29 Oct 2024 — An attacker can exploit this by creating a tarfile with absolute paths, leading to arbitrary file overwrite and potential remote code execution. •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6581 – Remote Code Execution due to Stored XSS in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-6581
29 Oct 2024 — Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. • https://github.com/parisneo/lollms/commit/328b960a0de2097e13654ac752253e9541521ddd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6868 – Arbitrary File Write in mudler/LocalAI
https://notcve.org/view.php?id=CVE-2024-6868
29 Oct 2024 — This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server. • https://github.com/mudler/localai/commit/a181dd0ebc5d3092fc50f61674d552604fe8ef9c • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5982 – Path Traversal in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-5982
29 Oct 2024 — Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-10468 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-10468
29 Oct 2024 — Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1914982 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2024-10467 – firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
https://notcve.org/view.php?id=CVE-2024-10467
29 Oct 2024 — Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ... Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1829029%2C1888538%2C1900394%2C1904059%2C1917742%2C1919809%2C1923706 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •