CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47544 – GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling
https://notcve.org/view.php?id=CVE-2024-47544
11 Dec 2024 — An attacker could use these issues to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-476: NULL Pointer Dereference •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-42448
https://notcve.org/view.php?id=CVE-2024-42448
11 Dec 2024 — From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://github.com/h3lye/CVE-2024-42448-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10590 – Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10590
11 Dec 2024 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. • https://codecanyon.net/item/subscribe-download/2687305 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 11CVE-2024-53677 – Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
https://notcve.org/view.php?id=CVE-2024-53677
11 Dec 2024 — An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. ... • https://packetstorm.news/files/id/183165 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12548 – Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12548
11 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12549 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12549
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11611 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11611
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12551 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12551
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11609 – AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11609
11 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-12550 – Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12550
11 Dec 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. •