CVE-2024-7543 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7543
This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. ... An attacker can leverage this vulnerability to execute code in the context of the service account. ... This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-24-1083 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-7508 – Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7508
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVE-2024-7511 – Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7511
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVE-2024-6315 – Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6315
This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/blox-page-builder/trunk/inc_php/unitecreator_assets.class.php?rev=1866874#L979 https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe551db-2073-4eeb-83da-9ce8c2c031e1?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-7541 – oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7541
An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMT commands. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. ... An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CMT commands. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1081 • CWE-457: Use of Uninitialized Variable •