CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12178 – DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
https://notcve.org/view.php?id=CVE-2024-12178
A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11422 – DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
https://notcve.org/view.php?id=CVE-2024-11422
A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50379 – Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
https://notcve.org/view.php?id=CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. • https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r http://www.openwall.com/lists/oss-security/2024/12/17/4 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-29646
https://notcve.org/view.php?id=CVE-2024-29646
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields. • https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690 https://github.com/radareorg/radare2/pull/22562 https://github.com/radareorg/radare2/pull/22567 https://github.com/radareorg/radare2/pull/22572 https://github.com/radareorg/radare2/pull/22578 https://github.com/radareorg/radare2/pull/22599 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-49194
https://notcve.org/view.php?id=CVE-2024-49194
Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. ... An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile. • https://kb.databricks.com/en_US/data-sources/security-bulletin-databricks-jdbc-driver-vulnerability-advisory-cve-2024-49194 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •