CVE-2024-46721 – apparmor: fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-46721
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code, and the code -ENOENT represents the state that the path of its parent does not exist yet. • https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346 •
CVE-2024-46719 – usb: typec: ucsi: Fix null pointer dereference in trace
https://notcve.org/view.php?id=CVE-2024-46719
18 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b •
CVE-2024-46714 – drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
https://notcve.org/view.php?id=CVE-2024-46714
18 Sep 2024 — An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b •
CVE-2024-45679
https://notcve.org/view.php?id=CVE-2024-45679
18 Sep 2024 — Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. • https://github.com/assimp/assimp/releases/tag/v5.4.3 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-44542
https://notcve.org/view.php?id=CVE-2024-44542
18 Sep 2024 — SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. • https://github.com/alphandbelt/CVE-2024-44542 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-40568
https://notcve.org/view.php?id=CVE-2024-40568
18 Sep 2024 — Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component. • https://github.com/xiaobye-ctf/My-CVE/tree/main/BTstack/CVE-2024-40568 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-35515
https://notcve.org/view.php?id=CVE-2024-35515
18 Sep 2024 — Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-8956 – PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-8956
17 Sep 2024 — As a result, a remote, unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. ... PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root. • https://ptzoptics.com/firmware-changelog • CWE-287: Improper Authentication •
CVE-2024-42503 – Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2024-42503
17 Sep 2024 — An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-42502 – Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface
https://notcve.org/view.php?id=CVE-2024-42502
17 Sep 2024 — An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •