CVE-2024-28964
https://notcve.org/view.php?id=CVE-2024-28964
A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. • https://www.dell.com/support/kbdoc/en-us/000224987/dsa-2024-179-security-update-for-dell-emc-common-event-enabler-windows-for-cavatools-vulnerabilities • CWE-502: Deserialization of Untrusted Data •
CVE-2024-1577 – Remote Code Execution in MegaBIP
https://notcve.org/view.php?id=CVE-2024-1577
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. La vulnerabilidad de ejecución remota de código en el software MegaBIP permite ejecutar código arbitrario en el servidor sin requerir autenticación al guardar el código PHP creado por el atacante en uno de los archivos del sitio web. Este problema afecta a todas las versiones del software MegaBIP. • https://cert.pl/en/posts/2024/06/CVE-2024-1576 https://cert.pl/posts/2024/06/CVE-2024-1576 https://megabip.pl https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-5834
https://notcve.org/view.php?id=CVE-2024-5834
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) La implementación inapropiada en Dawn en Google Chrome anterior a 126.0.6478.54 permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/342840932 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34405
https://notcve.org/view.php?id=CVE-2024-34405
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. Validación inadecuada de enlaces profundos en McAfee Security: Antivirus VPN para Android anterior a 8.3.0 podría permitir a un atacante iniciar una URL arbitraria dentro de la aplicación. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html https://www.mcafee.com/support/?page=shell&shell=article-view&articleId=000002403 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34115 – ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34115
Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html • CWE-787: Out-of-bounds Write •