CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Mar 2024 — Processing an image may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.8 • EPSS: 0% • CPEs: 29 • EXPL: 0

08 Mar 2024 — Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/20

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Mar 2024 — Processing a file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/21

CVSS: 10.0 • EPSS: 0% • CPEs: 23 • EXPL: 0

08 Mar 2024 — Processing web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/21

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Mar 2024 — FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. • https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2 • CWE-284: Improper Access Control

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Mar 2024 — Remote code execution in paddlepaddle/paddle 2.6.0. • https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Mar 2024 — This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. • https://community.silabs.com/068Vm0000029Xq5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Mar 2024 — An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get arbitrary code execution or potentially cause remote code execution (RCE). zlog 1.2.16 has a heap-based buffer overflow in the zlog_rule_s struct while creating a new rule that is already defined in the provided configuration file. • https://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857 • CWE-122: Heap-based Buffer Overflow

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2024 — Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function. • https://github.com/ASR511-OO7/CVE-2023-41503 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Mar 2024 — Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of ... • https://github.com/denoland/deno/security/advisories/GHSA-3j27-563v-28wf • CWE-416: Use After Free