
CVE-2024-31225 – Lack of size check and buffer overflow in RIOT
https://notcve.org/view.php?id=CVE-2024-31225
01 May 2024 — If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. • https://packetstorm.news/files/id/178525 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-33430
https://notcve.org/view.php?id=CVE-2024-33430
01 May 2024 — An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/poc/I2ZFI3~5 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-482: Comparing instead of Assigning •

CVE-2024-22830
https://notcve.org/view.php?id=CVE-2024-22830
01 May 2024 — Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. ... • http://anti-cheat.com • CWE-284: Improper Access Control •

CVE-2024-33442
https://notcve.org/view.php?id=CVE-2024-33442
01 May 2024 — An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. • https://github.com/summerwayace/cms/blob/main/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-26322 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26322
01 May 2024 — A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi... • https://trust.mi.com/misrc/bulletins/advisory?cveId=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-3957 – Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-3957
01 May 2024 — The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depend on what other plugins are installed and what shortcode functionality they provide. • https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-product-by-user.php#L245 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-25938
https://notcve.org/view.php?id=CVE-2024-25938
30 Apr 2024 — A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958 • CWE-416: Use After Free •

CVE-2024-25648
https://notcve.org/view.php?id=CVE-2024-25648
30 Apr 2024 — A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959 • CWE-416: Use After Free •

CVE-2024-25575
https://notcve.org/view.php?id=CVE-2024-25575
30 Apr 2024 — A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-27322 – Gentoo Linux Security Advisory 202412-01
https://notcve.org/view.php?id=CVE-2024-27322
29 Apr 2024 — A vulnerability has been discovered in R, which can lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2024/04/29/3 • CWE-502: Deserialization of Untrusted Data •