CVE-2024-5580 – Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5580
22 Aug 2024 — Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-42599
https://notcve.org/view.php?id=CVE-2024-42599
22 Aug 2024 — SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-42761
https://notcve.org/view.php?id=CVE-2024-42761
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Bus%20Schedule%20List.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-5579 – Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5579
22 Aug 2024 — Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. ... An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-8035 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-8035
21 Aug 2024 — Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html •
CVE-2024-8034 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-8034
21 Aug 2024 — Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html •
CVE-2024-7981 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-7981
21 Aug 2024 — Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html •
CVE-2024-7978 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-7978
21 Aug 2024 — Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html • CWE-346: Origin Validation Error •
CVE-2024-7976 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-7976
21 Aug 2024 — Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7975 – Debian Security Advisory 5757-1
https://notcve.org/view.php?id=CVE-2024-7975
21 Aug 2024 — Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html •