CVE-2024-35515
https://notcve.org/view.php?id=CVE-2024-35515
18 Sep 2024 — Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-8909 – Debian Security Advisory 5773-1
https://notcve.org/view.php?id=CVE-2024-8909
17 Sep 2024 — Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html •
CVE-2024-8908 – Debian Security Advisory 5773-1
https://notcve.org/view.php?id=CVE-2024-8908
17 Sep 2024 — Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html •
CVE-2024-8907 – Debian Security Advisory 5773-1
https://notcve.org/view.php?id=CVE-2024-8907
17 Sep 2024 — Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html •
CVE-2024-8906 – Debian Security Advisory 5773-1
https://notcve.org/view.php?id=CVE-2024-8906
17 Sep 2024 — Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html •
CVE-2024-8905 – Debian Security Advisory 5773-1
https://notcve.org/view.php?id=CVE-2024-8905
17 Sep 2024 — Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html • CWE-122: Heap-based Buffer Overflow •
CVE-2024-8904 – Debian Security Advisory 5773-1
https://notcve.org/view.php?id=CVE-2024-8904
17 Sep 2024 — Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-8956 – PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-8956
17 Sep 2024 — As a result, a remote, unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. ... PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root. • https://ptzoptics.com/firmware-changelog • CWE-287: Improper Authentication •
CVE-2024-42503 – Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2024-42503
17 Sep 2024 — An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-42502 – Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface
https://notcve.org/view.php?id=CVE-2024-42502
17 Sep 2024 — An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •