CVE-2024-7248 – Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7248
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-953 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-40396
https://notcve.org/view.php?id=CVE-2023-40396
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213936 https://support.apple.com/en-us/HT213937 https://support.apple.com/en-us/HT213938 https://support.apple.com/en-us/HT213940
CVE-2023-42959
https://notcve.org/view.php?id=CVE-2023-42959
An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213940 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-6726 – Remote Code Execution (RCE) in Delphix
https://notcve.org/view.php?id=CVE-2024-6726
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). • https://portal.perforce.com/s/detail/a91PA000001SUDtYAO • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-41810 – HTML injection in HTTP redirect body
https://notcve.org/view.php?id=CVE-2024-41810
If application code allows an attacker to control the redirect URL, this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. ... If exploited, a remote attacker could inject malicious HTML, causing unauthorized JavaScript execution within the victim's browser session. • https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2 https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 https://access.redhat.com/security/cve/CVE-2024-41810 https://bugzilla.redhat.com/show_bug.cgi?id=2300497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)