CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9764 – Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9764
11 Oct 2024 — Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1362 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9766 – Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9766
11 Oct 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. An attacker can leverage this vulnerability to escalate privileges and ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1336 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9767 – IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9767
11 Oct 2024 — IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocate... • https://www.zerodayinitiative.com/advisories/ZDI-24-1371 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48813
https://notcve.org/view.php?id=CVE-2024-48813
11 Oct 2024 — SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. • https://gitee.com/lssrain/taskmatic/issues/IAUXOL • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48827
https://notcve.org/view.php?id=CVE-2024-48827
11 Oct 2024 — An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. • https://github.com/sbondCo/Watcharr • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48987
https://notcve.org/view.php?id=CVE-2024-48987
11 Oct 2024 — Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. • https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45316 – SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-45316
11 Oct 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Secure Mobile Access service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47966 – Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2
https://notcve.org/view.php?id=CVE-2024-47966
10 Oct 2024 — An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21 • CWE-457: Use of Uninitialized Variable •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47965 – Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2
https://notcve.org/view.php?id=CVE-2024-47965
10 Oct 2024 — An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21 • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47964 – Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2
https://notcve.org/view.php?id=CVE-2024-47964
10 Oct 2024 — An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21 • CWE-122: Heap-based Buffer Overflow •