CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50265 – ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
https://notcve.org/view.php?id=CVE-2024-50265
19 Nov 2024 — But the following 'rc' check is wrong and execution flow do 'ocfs2_xa_remove_entry(loc);' twice: * 1st: in ocfs2_xa_cleanup_value_truncate(); * 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'. But the following 'rc' check is wrong and execution flow do 'ocfs2_xa_remove_entry(loc);' twice: * 1st: in ocfs2_xa_cleanup_value_truncate(); * 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'. ... • https://git.kernel.org/stable/c/399ff3a748cf4c8c853e96dd477153202636527b •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51503 – Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51503
19 Nov 2024 — A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. ... Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. This vulnerability allows remote attackers to execute <... • https://success.trendmicro.com/en-US/solution/KA-0018154 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10899 – WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-10899
19 Nov 2024 — The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/wc-product-table-lite/tags/3.8.6/main.php#L1778 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48069
https://notcve.org/view.php?id=CVE-2024-48069
19 Nov 2024 — A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file. • https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48070
https://notcve.org/view.php?id=CVE-2024-48070
19 Nov 2024 — Weaver Ecology v9* was discovered to contain a SQL injection vulnerability. An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges • https://gist.github.com/CoinIsMoney/ec863c35dfd05c7deea2afea11bf2446 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48694
https://notcve.org/view.php?id=CVE-2024-48694
19 Nov 2024 — File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. • https://avd.aliyun.com/detail?id=AVD-2023-1678930 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10204 – Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025
https://notcve.org/view.php?id=CVE-2024-10204
19 Nov 2024 — These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/vulnerability/advisories • CWE-122: Heap-based Buffer Overflow CWE-457: Use of Uninitialized Variable •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52476 – WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52476
19 Nov 2024 — The Fediverse Embeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/fediverse-embeds/vulnerability/wordpress-fediverse-embeds-plugin-1-5-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11392 – Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11392
19 Nov 2024 — Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of t... • https://github.com/Piyush-Bhor/CVE-2024-11392 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11393 – Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11393
19 Nov 2024 — Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context... • https://github.com/Piyush-Bhor/CVE-2024-11393 • CWE-502: Deserialization of Untrusted Data •