
CVSS: 9.4 • EPSS: 0% • CPEs: - • EXPL: 0

Remote code execution in paddlepaddle/paddle 2.6.0 • https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. • https://community.silabs.com/068Vm0000029Xq5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 1

Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function. • https://github.com/ASR511-OO7/CVE-2023-41503 https://github.com/ASR511-OO7/CVE-2023-41503/blob/main/CVE-26 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get arbitrary code execution or potentially cause remote code execution (RCE). zlog 1.2.16 has a heap-based buffer overflow in the zlog_rule_s struct while creating a new rule that is already defined in the provided configuration file. • https://github.com/HardySimpson/zlog https://github.com/HardySimpson/zlog/blob/1a7b1a6fb956b92a4079ccc91f30da21f34ca063/src/rule.h#L30 https://github.com/HardySimpson/zlog/pull/251 https://www.cybersecurity-help.cz/vdb/SB2024022842 https://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857 • CWE-122: Heap-based Buffer Overflow

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. • https://github.com/denoland/deno/security/advisories/GHSA-3j27-563v-28wf • CWE-416: Use After Free