CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Dec 2024 — An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Dec 2024 — An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Dec 2024 — Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can achieve full arbitrary code execution on the system. • https://github.com/math-x-io/CVE-2024-54152-poc • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Dec 2024 — This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-583523.html • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Dec 2024 — This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-583523.html • CWE-121: Stack-based Buffer Overflow

CVSS: 8.4 • EPSS: 0% • CPEs: 40 • EXPL: 0

10 Dec 2024 — This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-800126.html • CWE-502: Deserialization of Untrusted Data

CVSS: 10.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

10 Dec 2024 — An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. • https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

10 Dec 2024 — A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters. • http://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

10 Dec 2024 — Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine. • https://github.com/avwo/whistle/commit/d1b8ca275dc4e453bd2efed392c0fd4b92f73cdf • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

10 Dec 2024 — An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. • https://github.com/CNK2100/2024-CVE/blob/main/README.md • CWE-281: Improper Preservation of Permissions