CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27808 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2024-27808
Processing web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to perform arbitrary code execution when processing web content. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214103 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214108 https://access.redhat.com/security/cve/CVE-2024-27808 https://bugzilla.redhat.com/show_bug.cgi?id=2314697 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-786: Access of Memory Location Before Start of Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27833 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2024-27833
Processing maliciously crafted web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to perform arbitrary code execution when processing web content. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214100 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214103 https://support.apple.com/en-us/HT214108 https://access.redhat.com/security/cve/CVE-2024-27833 https://bugzilla.redhat.com/show_bug.cgi?id=2314700 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32897
https://notcve.org/view.php?id=CVE-2022-32897
Processing a maliciously crafted tiff file may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213345 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37014
https://notcve.org/view.php?id=CVE-2024-37014
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. Langflow hasta la versión 0.6.19 permite la ejecución remota de código si los usuarios que no son de confianza pueden acceder al endpoint "POST /api/v1/custom_component" y proporcionar un script de Python. • https://github.com/langflow-ai/langflow/issues/1973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-36531
https://notcve.org/view.php?id=CVE-2024-36531
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. • https://mat4mee.notion.site/Module-upload-in-nukeViet-leads-to-RCE-01ff3ff4c80d402d8c7c8a2b15a24c33 • CWE-94: Improper Control of Generation of Code ('Code Injection') •