CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34666
https://notcve.org/view.php?id=CVE-2024-34666
08 Oct 2024 — Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34665
https://notcve.org/view.php?id=CVE-2024-34665
08 Oct 2024 — Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-43556 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-43556
08 Oct 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43556 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45138 – Substance3D - Stager | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2024-45138
08 Oct 2024 — Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45146 – Dimension | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2024-45146
08 Oct 2024 — Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://helpx.adobe.com/security/products/dimension/apsb24-74.html • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-43363 – Remote code execution via Log Poisoning in Cacti
https://notcve.org/view.php?id=CVE-2024-43363
07 Oct 2024 — An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are ad... • https://github.com/p33d/CVE-2024-43363 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45291 – Path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheet
https://notcve.org/view.php?id=CVE-2024-45291
07 Oct 2024 — Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4 • CWE-36: Absolute Path Traversal CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-31449 – Lua library commands may lead to stack overflow and RCE in Redis
https://notcve.org/view.php?id=CVE-2024-31449
07 Oct 2024 — An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. ... This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. • https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47559 – Authenticated RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47559
07 Oct 2024 — Authenticated RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47558 – Authenticated RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47558
07 Oct 2024 — Authenticated RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •