CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36260 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-36260
02 Jul 2024 — in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36243 – Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-36243
02 Jul 2024 — in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37030 – Arkcompiler Ets Runtime has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-37030
02 Jul 2024 — in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41917 – Improper input validation in Kiloview P1/P2 devices allows for remote code execution
https://notcve.org/view.php?id=CVE-2023-41917
02 Jul 2024 — Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. • https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 0CVE-2024-25086
https://notcve.org/view.php?id=CVE-2024-25086
02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. La gestión inadecuada de privilegios en Jungo WinDriver anterior a 12.2.0 permite a atacantes locales escalar privilegios y ejecutar código arbitrario. • https://jungo.com/windriver/versions • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-31337 – PowerVR Driver Missing Sanitization
https://notcve.org/view.php?id=CVE-2024-31337
02 Jul 2024 — In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. • https://packetstorm.news/files/id/179297 •
CVSS: 10.0EPSS: 96%CPEs: 6EXPL: 24CVE-2024-36401 – OSGeo GeoServer GeoTools Eval Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-36401
01 Jul 2024 — GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-j... • https://packetstorm.news/files/id/179547 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6376 – ejson shell parser in MongoDB Compass maybe bypassed
https://notcve.org/view.php?id=CVE-2024-6376
01 Jul 2024 — MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. • https://jira.mongodb.org/browse/COMPASS-7496 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39002
https://notcve.org/view.php?id=CVE-2024-39002
01 Jul 2024 — rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39017
https://notcve.org/view.php?id=CVE-2024-39017
01 Jul 2024 — agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que Accordjs Shared v0.0.1 contenía un prototipo de contaminación a través de la función mergeInternalComponents. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de ... • https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b • CWE-94: Improper Control of Generation of Code ('Code Injection') •