CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-38261 – Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38261
08 Oct 2024 — Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38261 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow CWE-126: Buffer Over-read •
CVSS: 8.3EPSS: 4%CPEs: 1EXPL: 0CVE-2024-9380 – Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-9380
08 Oct 2024 — An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8422 – Schneider Electric Zelio Soft 2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8422
08 Oct 2024 — CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. This vulnerability allows remote atta... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-06.pdf • CWE-416: Use After Free •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47553
https://notcve.org/view.php?id=CVE-2024-47553
08 Oct 2024 — This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS. • https://cert-portal.siemens.com/productcert/html/ssa-430425.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34669
https://notcve.org/view.php?id=CVE-2024-34669
08 Oct 2024 — Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34668
https://notcve.org/view.php?id=CVE-2024-34668
08 Oct 2024 — Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34667
https://notcve.org/view.php?id=CVE-2024-34667
08 Oct 2024 — Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34666
https://notcve.org/view.php?id=CVE-2024-34666
08 Oct 2024 — Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34665
https://notcve.org/view.php?id=CVE-2024-34665
08 Oct 2024 — Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45138 – Substance3D - Stager | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2024-45138
08 Oct 2024 — Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html • CWE-416: Use After Free •