CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41605
https://notcve.org/view.php?id=CVE-2024-41605
26 Sep 2024 — An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 allows a local attacker to execute arbitrary code via the FoxitPDFReaderUpdater.exe component In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed. • https://www.foxit.com/support/security-bulletins.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46628
https://notcve.org/view.php?id=CVE-2024-46628
26 Sep 2024 — Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. • https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9248 – Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9248
26 Sep 2024 — Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An... • https://www.foxit.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9246 – Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9246
26 Sep 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. An attacker can leverage this in conjunction with other vulnerabilities to execute
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9243 – Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9243
26 Sep 2024 — Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker... • https://www.zerodayinitiative.com/advisories/ZDI-24-1296 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9256 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9256
26 Sep 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. An attacker can leverage this in conjunction with other vulnerabilities to execute
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9247 – Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9247
26 Sep 2024 — Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attac... • https://www.foxit.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9254 – Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9254
26 Sep 2024 — Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker c... • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22170 – Unchecked buffer in Dynamic DNS client
https://notcve.org/view.php?id=CVE-2024-22170
26 Sep 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.westerndigital.com/support/product-security/wdc-24005-western-digital-my-cloud-os-5-firmware-5-29-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 2CVE-2024-7479 – Improper signature verification of VPN driver installation in TeamViewer Remote Clients
https://notcve.org/view.php?id=CVE-2024-7479
25 Sep 2024 — Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://packetstorm.news/files/id/182012 • CWE-347: Improper Verification of Cryptographic Signature •