CVE-2024-38983
https://notcve.org/view.php?id=CVE-2024-38983
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) Prototype Pollution en alykoshin mini-deep-assign v0.0.8 permite a un atacante ejecutar código arbitrario o causar una denegación de servicio (DoS) y causar otros impactos a través del método _assign() en (/lib/index.js:91) • https://gist.github.com/mestrtee/f82d0c3a8fe3a125f06425caef5d22ed • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-39010
https://notcve.org/view.php?id=CVE-2024-39010
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/af7a746df91ab5e944bd7a186816c262 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2024-41183 – Trend Micro VPN Proxy One Pro Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-41183
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DEP Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-14460 https://www.zerodayinitiative.com/advisories/ZDI-24-1022 https://www.zerodayinitiative.com/advisories/ZDI-24-1023 •
CVE-2024-38909
https://notcve.org/view.php?id=CVE-2024-38909
Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. • http://elfinder.com https://github.com/B0D0B0P0T/CVE/blob/main/CVE-2024-38909 •
CVE-2024-40777 – Apple macOS ImageIO PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-40777
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/2024/Jul/22 http://seclists.org/fulldisclosure/2024/Jul/18 •