CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21972
https://notcve.org/view.php?id=CVE-2024-21972
23 Apr 2024 — An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. ... An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6012.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28130 – Ubuntu Security Notice USN-7010-1
https://notcve.org/view.php?id=CVE-2024-28130
23 Apr 2024 — A specially crafted malformed file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21511
https://notcve.org/view.php?id=CVE-2024-21511
23 Apr 2024 — Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. • https://github.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 18CVE-2024-4040 – CrushFTP VFS Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-4040
22 Apr 2024 — A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. VFS Sandbox Escape en CrushFTP en todas las versiones anteriores a 10.7.1 y 11.1.0 en todas las plataformas permite a atacantes remotos con privilegios bajos leer archivos del sistema de arch... • https://packetstorm.news/files/id/180590 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32790 – WordPress Pricing Table by Supsystic plugin <= 1.9.12 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32790
22 Apr 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection.This issue affects Pricing Table by Supsystic: from n/a through 1.9.12. La neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Supsystic Pricing Table de Supsystic permite la inyección de código. Este problema afecta a Pricing Table de Supsystic: desde n/a hasta 1.9.12. The Pricing Table ... • https://patchstack.com/database/vulnerability/pricing-table-by-supsystic/wordpress-pricing-table-by-supsystic-plugin-1-9-12-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28699
https://notcve.org/view.php?id=CVE-2024-28699
22 Apr 2024 — A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. Una vulnerabilidad de desbordamiento de búfer en pdf2json v0.70 permite a un atacante local ejecutar código arbitrario a través de las funciones GString::copy() e ImgOutputDev::ImgOutputDev. • http://pdf2json.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29991 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29991
19 Apr 2024 — Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad de Microsoft Edge (basada en Chromium) This vulnerability allows remote attackers to bypass the Mark-Of-The-Web security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .M... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29991 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50260 – Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-50260
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically triggers actions in response to alerts. By default, active responses are limited to a set of pre defined executables. This is enforced by only allowing executables sto... • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-51793 – Debian Security Advisory 5721-1
https://notcve.org/view.php?id=CVE-2023-51793
19 Apr 2024 — An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. ... An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51797
https://notcve.org/view.php?id=CVE-2023-51797
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavfilter/avf_showwaves.c:722:24 en showwaves_filter_frame • https://ffmpeg.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •