CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-41605
https://notcve.org/view.php?id=CVE-2024-41605
An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 allows a local attacker to execute arbitrary code via the FoxitPDFReaderUpdater.exe component In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed. • https://www.foxit.com/support/security-bulletins.html • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-46628
https://notcve.org/view.php?id=CVE-2024-46628
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. • https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9251 – Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9251
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-9253 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9253
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2024-7479 – Improper signature verification of VPN driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7479
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service, which listens on TCP port 5939 by default. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481 https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006 • CWE-347: Improper Verification of Cryptographic Signature •