CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43489 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43489
19 Sep 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43496 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43496
19 Sep 2024 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43496 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38016 – Microsoft Office Visio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38016
19 Sep 2024 — Microsoft Office Visio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38016 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8375 – Object deserialization in Reverb leading to RCE
https://notcve.org/view.php?id=CVE-2024-8375
19 Sep 2024 — There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content overwriting the vtable pointers of all the objects which were previ... • https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46946
https://notcve.org/view.php?id=CVE-2024-46946
19 Sep 2024 — langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. • https://docs.sympy.org/latest/modules/codegen.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40125
https://notcve.org/view.php?id=CVE-2024-40125
19 Sep 2024 — An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. • https://github.com/brendontkl/My-CVEs/tree/main/CVE-2024-40125 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 3%CPEs: 1EXPL: 1CVE-2024-46986 – Arbitrary file write leading to RCE in Camaleon CMS
https://notcve.org/view.php?id=CVE-2024-46986
18 Sep 2024 — This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://codeql.github.com/codeql-query-help/ruby/rb-path-injection • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34026
https://notcve.org/view.php?id=CVE-2024-34026
18 Sep 2024 — A specially crafted EtherNet/IP request can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46800 – sch/netem: fix use after free in netem_dequeue
https://notcve.org/view.php?id=CVE-2024-46800
18 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/50612537e9ab29693122fab20fc1eed235054ffe •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46798 – ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
https://notcve.org/view.php?id=CVE-2024-46798
18 Sep 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 •