CVSS: 6.3EPSS: %CPEs: -EXPL: 1CVE-2024-31974
https://notcve.org/view.php?id=CVE-2024-31974
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions). La aplicación com.solarized.firedown (también conocida como Solarized FireDown Browser & Downloader) versión 1.0.76 para Android permite a un atacante remoto ejecutar código JavaScript arbitrario mediante una intención diseñada. com.solarized.firedown.IntentActivity utiliza un componente WebView para mostrar contenido web y no sanitiza adecuadamente el URI ni ningún dato adicional pasado en el intent por ninguna aplicación instalada (sin permisos). • https://github.com/actuator/com.solarized.firedown https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-22429
https://notcve.org/view.php?id=CVE-2024-22429
A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23522 – WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-23522
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7. neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Strategy11 Form Builder Team Formidable Forms permite la inyección de código. Este problema afecta a Formidable Forms: desde n/a hasta 6.7. • https://patchstack.com/database/vulnerability/formidable/wordpress-formidable-forms-plugin-6-7-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4453 – GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4453
This flaw allows a remote attacker to send specially crafted content to the victim, allowing for arbitrary code execution within the context of the affected installation's process. • https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html https://www.zerodayinitiative.com/advisories/ZDI-24-467 https://access.redhat.com/security/cve/CVE-2024-4453 https://bugzilla.redhat.com/show_bug.cgi?id=2282999 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1417 – Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari
https://notcve.org/view.php?id=CVE-2024-1417
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint Password Manager for MacOS versions before 1.0.6. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en WatchGuard AuthPoint Password Manager en MacOS permite a un adversario con acceso local ejecutar código en el contexto de la aplicación AuthPoint Password Manager. Este problema afecta a AuthPoint Password Manager para versiones de MacOS anteriores a la 1.0.6. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00006 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •