CVE-2024-9248 – Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9248
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVE-2024-22170 – Unchecked buffer in Dynamic DNS client
https://notcve.org/view.php?id=CVE-2024-22170
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.westerndigital.com/support/product-security/wdc-24005-western-digital-my-cloud-os-5-firmware-5-29-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-9246 – Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9246
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVE-2024-41605
https://notcve.org/view.php?id=CVE-2024-41605
An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 allows a local attacker to execute arbitrary code via the FoxitPDFReaderUpdater.exe component In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed. • https://www.foxit.com/support/security-bulletins.html • CWE-284: Improper Access Control •
CVE-2024-46628
https://notcve.org/view.php?id=CVE-2024-46628
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. • https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •