CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49362 – Remote Code Execution on click of <a> Link in markdown preview
https://notcve.org/view.php?id=CVE-2024-49362
14 Nov 2024 — Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. ... This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution. • https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52524 – ReDoS in Giskard Scan text perturbation
https://notcve.org/view.php?id=CVE-2024-52524
14 Nov 2024 — A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. • https://github.com/Giskard-AI/giskard/commit/48ce81f5c626171767188d6f0669498fb613b4d3 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37285 – Kibana arbitrary code execution via YAML deserialization
https://notcve.org/view.php?id=CVE-2024-37285
14 Nov 2024 — The following Elasticsearch indices permissions are required * write privilege on the system indices .kibana_ingest* * The allow_restricted_indices flag is set to true Any of the following Kibana privileges are additionally required * Under Fleet the All privilege is granted * Under Integration the Read or All privilege is granted * Access to the fleet-setup privilege is gained through the Fleet Server’s service account token A deserialization issue in Kibana can lead to arbitrary code exec... • https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6068 – Input Validation Vulnerability exists in Arena® Input Analyzer
https://notcve.org/view.php?id=CVE-2024-6068
14 Nov 2024 — Local threat actors can exploit this issue to disclose information and to execute arbitrary code. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD17011.html • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-52302 – common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-52302
14 Nov 2024 — This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE). • https://github.com/d3sca/CVE-2024-52302 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10979 – PostgreSQL PL/Perl environment variable changes execute arbitrary code
https://notcve.org/view.php?id=CVE-2024-10979
14 Nov 2024 — That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. • https://www.postgresql.org/support/security/CVE-2024-10979 • CWE-15: External Control of System or Configuration Setting •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2023-34049 – Salt security advisory release - 2023-OCT-27
https://notcve.org/view.php?id=CVE-2023-34049
14 Nov 2024 — Multiple vulnerabilities have been discovered in Salt, the worst of which can lead to arbitrary code execution. • https://saltproject.io/security-announcements/2023-10-27-advisory •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5082 – Nexus Repository 2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5082
14 Nov 2024 — A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. • https://support.sonatype.com/hc/en-us/articles/30694125380755 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36488 – Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36488
13 Nov 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Intel Driver & Support Assistant service. By creating a symbolic link, an attacker can abuse the service to create an arbitrary directory with weak permissions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01200.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43091
https://notcve.org/view.php?id=CVE-2024-43091
13 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •