CVE-2024-39010
https://notcve.org/view.php?id=CVE-2024-39010
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. • https://gist.github.com/mestrtee/af7a746df91ab5e944bd7a186816c262 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-41183 – Trend Micro VPN Proxy One Pro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-41183
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-14460 https://www.zerodayinitiative.com/advisories/ZDI-24-1022 https://www.zerodayinitiative.com/advisories/ZDI-24-1023 •
CVE-2024-40777 – Apple macOS ImageIO PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-40777
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. • https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/2024/Jul/22 http://seclists.org/fulldisclosure/2024/Jul/18 •
CVE-2024-27826
https://notcve.org/view.php?id=CVE-2024-27826
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214118 https://support.apple.com/kb/HT214102 https://support.apple.com/kb/HT214104 https://support.apple.com/kb/HT214106 https://support.apple.com/kb/HT214101 http://seclists.org • CWE-269: Improper Privilege Management •
CVE-2024-40776 – webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-40776
A use-after-free may lead to Remote Code Execution. • https://support.apple.com/en-us/HT214121 https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/15 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/202 •