CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10944 – FactoryTalk® Updater Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-10944
12 Nov 2024 — A Remote Code Execution vulnerability exists in the affected product. ... A Remote Code Execution vulnerability exists in the affected product. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49514 – Photoshop Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2024-49514
12 Nov 2024 — Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-89.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10923 – Improper Neutralization vulnerability has been discovered in OpenText™ ALM Octane Management.
https://notcve.org/view.php?id=CVE-2024-10923
12 Nov 2024 — The vulnerability could result in a remote code execution attack. ... The vulnerability could result in a remote code execution attack. • https://portal.microfocus.com/s/article/KM000036146?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2024-49369 – Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
https://notcve.org/view.php?id=CVE-2024-49369
12 Nov 2024 — Multiple vulnerabilities have been discovered in Icinga2, the worst of which could lead to arbitrary code execution. • https://github.com/Quantum-Sicarius/CVE-2024-49369 • CWE-295: Improper Certificate Validation •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50336 – matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
https://notcve.org/view.php?id=CVE-2024-50336
12 Nov 2024 — A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. ... Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. • https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49528 – Animate | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-49528
12 Nov 2024 — Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-76.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49526 – Animate | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2024-49526
12 Nov 2024 — Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-76.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7571 – Ivanti Secure Access Client Pulse Secure Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7571
12 Nov 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Pulse Secure Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11005
https://notcve.org/view.php?id=CVE-2024-11005
12 Nov 2024 — Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11006
https://notcve.org/view.php?id=CVE-2024-11006
12 Nov 2024 — Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution