CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9965
https://notcve.org/view.php?id=CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/352651673 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21259 – Oracle VirtualBox TPM Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21259
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45274 – MB connect line/Helmholz: Remote code execution via confnet service
https://notcve.org/view.php?id=CVE-2024-45274
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Un atacante remoto no autenticado puede ejecutar comandos del sistema operativo a través de UDP en el dispositivo debido a la falta de autenticación. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45271 – MB connect line/Helmholz: Remote code execution due to improper input validation
https://notcve.org/view.php?id=CVE-2024-45271
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Un atacante local no autenticado puede obtener privilegios de administrador al implementar un archivo de configuración debido a una validación de entrada incorrecta. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-47943 – Improper signature verification of firmware upgrade files
https://notcve.org/view.php?id=CVE-2024-47943
This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code. • https://r.sec-consult.com/rittaliot https://www.rittal.com/de-de/products/deep/3124300 • CWE-347: Improper Verification of Cryptographic Signature •