CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8384 – mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions
https://notcve.org/view.php?id=CVE-2024-8384
03 Sep 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. An attacker could pote... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911288 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-8383 – mozilla: Firefox did not ask before openings news: links in an external application
https://notcve.org/view.php?id=CVE-2024-8383
03 Sep 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. An attacker could pote... • https://bugzilla.mozilla.org/show_bug.cgi?id=1908496 • CWE-862: Missing Authorization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8382 – mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
https://notcve.org/view.php?id=CVE-2024-8382
03 Sep 2024 — If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1906744 • CWE-273: Improper Check for Dropped Privileges CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-8381 – mozilla: Type confusion when looking up a property name in a "with" block
https://notcve.org/view.php?id=CVE-2024-8381
03 Sep 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. An attacker could pote... • https://bugzilla.mozilla.org/show_bug.cgi?id=1912715 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8374 – Arbitrary Code Injection in Cura
https://notcve.org/view.php?id=CVE-2024-8374
03 Sep 2024 — UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). ... When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. • https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44809
https://notcve.org/view.php?id=CVE-2024-44809
03 Sep 2024 — A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. • https://jacobmasse.medium.com/cve-2024-44809-remote-code-execution-in-raspberry-pi-camera-project-4b8e3486a628 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38456 – Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-38456
03 Sep 2024 — A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. Vivavis HIGH-LEIT versions 4 and 5 allow attackers to execute arbitrary code as local system on systems where the "HL-InstallService-hlxw" or "HL-InstallService-hlnt" Windows service is running. ... The execution of the exploit is trivial and might affect other systems if the applications folder i... • https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42902
https://notcve.org/view.php?id=CVE-2024-42902
03 Sep 2024 — An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function • https://bugs.limesurvey.org/view.php?id=19639 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42901
https://notcve.org/view.php?id=CVE-2024-42901
03 Sep 2024 — A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. • https://github.com/LimeSurvey/LimeSurvey/pull/3884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45623
https://notcve.org/view.php?id=CVE-2024-45623
02 Sep 2024 — D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). • https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •