CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-34781 – Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34781
13 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-34784 – Ivanti Endpoint Manager DBDR SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34784
13 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52400 – WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52400
13 Nov 2024 — The Gallerio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.01. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52406 – WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52406
13 Nov 2024 — The CSV to html plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49509 – InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2024-49509
12 Nov 2024 — InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-88.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49507 – InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2024-49507
12 Nov 2024 — InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. ... InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-88.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49508 – InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2024-49508
12 Nov 2024 — InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. ... InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-88.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11117 – Debian Security Advisory 5817-1
https://notcve.org/view.php?id=CVE-2024-11117
12 Nov 2024 — (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11116 – Debian Security Advisory 5817-1
https://notcve.org/view.php?id=CVE-2024-11116
12 Nov 2024 — (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11115 – Debian Security Advisory 5817-1
https://notcve.org/view.php?id=CVE-2024-11115
12 Nov 2024 — (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •