CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47607 – GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header
https://notcve.org/view.php?id=CVE-2024-47607
11 Dec 2024 — An attacker could use these issues to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47606 – GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2024-47606
11 Dec 2024 — This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. ... An attacker could use this issue to cause GStreamer to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47602 – GHSL-2024-250: Streamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47602
11 Dec 2024 — This function does not properly check the validity of the stream->codec_priv pointer in the following code. ... An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47597 – GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples
https://notcve.org/view.php?id=CVE-2024-47597
11 Dec 2024 — The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. ... An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47544 – GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling
https://notcve.org/view.php?id=CVE-2024-47544
11 Dec 2024 — An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-476: NULL Pointer Dereference •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-42448
https://notcve.org/view.php?id=CVE-2024-42448
11 Dec 2024 — From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://github.com/h3lye/CVE-2024-42448-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12382 – Debian Security Advisory 5829-1
https://notcve.org/view.php?id=CVE-2024-12382
11 Dec 2024 — Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12381 – Debian Security Advisory 5829-1
https://notcve.org/view.php?id=CVE-2024-12381
11 Dec 2024 — Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10590 – Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10590
11 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. • https://codecanyon.net/item/subscribe-download/2687305 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 11CVE-2024-53677 – Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
https://notcve.org/view.php?id=CVE-2024-53677
11 Dec 2024 — An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. ... • https://packetstorm.news/files/id/183165 • CWE-434: Unrestricted Upload of File with Dangerous Type •