CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25110 – Azure IoT Platform Device SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-25110
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. UAMQP es una librería C de uso general para AMQP 1.0. • https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25096 – WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-25096
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. • https://patchstack.com/database/vulnerability/canto/wordpress-canto-plugin-3-0-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-25713
https://notcve.org/view.php?id=CVE-2024-25713
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.) yyjson hasta 0.8.0 tiene un doble free, lo que lleva a la ejecución remota de código en algunos casos, porque la función pool_free carece de comprobaciones de bucle. (pool_free es parte del asignador de series de grupos, junto con pool_malloc y pool_realloc). • https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24821 – Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
https://notcve.org/view.php?id=CVE-2024-24821
As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. • https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2024-25003 – KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-25003
This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. • https://www.exploit-db.com/exploits/51890 http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html http://seclists.org/fulldisclosure/2024/Feb/13 http://seclists.org/fulldisclosure/2024/Feb/14 https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 • CWE-787: Out-of-bounds Write •