CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10979 – PostgreSQL PL/Perl environment variable changes execute arbitrary code
https://notcve.org/view.php?id=CVE-2024-10979
14 Nov 2024 — That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. • https://www.postgresql.org/support/security/CVE-2024-10979 • CWE-15: External Control of System or Configuration Setting •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2023-34049 – Salt security advisory release - 2023-OCT-27
https://notcve.org/view.php?id=CVE-2023-34049
14 Nov 2024 — Multiple vulnerabilities have been discovered in Salt, the worst of which can lead to arbitrary code execution. • https://saltproject.io/security-announcements/2023-10-27-advisory •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5082 – Nexus Repository 2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5082
14 Nov 2024 — A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. • https://support.sonatype.com/hc/en-us/articles/30694125380755 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36488 – Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-36488
13 Nov 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Intel Driver & Support Assistant service. By creating a symbolic link, an attacker can abuse the service to create an arbitrary directory with weak permissions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01200.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43091
https://notcve.org/view.php?id=CVE-2024-43091
13 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-49379 – Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel
https://notcve.org/view.php?id=CVE-2024-49379
13 Nov 2024 — Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter the attacker provided JavaScript will be executed after the user entered their password and clicked on login. This vulnerability is fixed in 1.2.2. • https://github.com/OHDUDEOKNICE/CVE-2024-49379 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35686
https://notcve.org/view.php?id=CVE-2023-35686
13 Nov 2024 — In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-11-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35659
https://notcve.org/view.php?id=CVE-2023-35659
13 Nov 2024 — In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-11-01 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52291 – Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
https://notcve.org/view.php?id=CVE-2024-52291
13 Nov 2024 — This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. • https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52293 – Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI
https://notcve.org/view.php?id=CVE-2024-52293
13 Nov 2024 — Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. • https://github.com/craftcms/cms/commit/123e48a696de1e2f63ab519d4730eb3b87beaa58 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •