CVE-2024-7543 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7543
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. ... This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. • https://www.zerodayinitiative.com/advisories/ZDI-24-1083 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-7508 – Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7508
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. •
CVE-2024-7511 – Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7511
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVE-2024-6315 – Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6315
This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/blox-page-builder/trunk/inc_php/unitecreator_assets.class.php?rev=1866874#L979 https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe551db-2073-4eeb-83da-9ce8c2c031e1?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-7541 – oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7541
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1081 • CWE-457: Use of Uninitialized Variable •