CVE-2024-6361 – Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product.
https://notcve.org/view.php?id=CVE-2024-6361
05 Aug 2024 — The vulnerability could cause a remote code execution attack. • https://portal.microfocus.com/s/article/KM000032605?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-38856 – Apache OFBiz Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2024-38856
05 Aug 2024 — Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. ... Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution ... • https://github.com/codeb0ss/CVE-2024-38856-PoC • CWE-863: Incorrect Authorization •
CVE-2024-7540 – oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7540
05 Aug 2024 — An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1080 • CWE-457: Use of Uninitialized Variable •
CVE-2024-7511 – Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7511
05 Aug 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1057 • CWE-125: Out-of-bounds Read •
CVE-2024-7545 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7545
05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-24-1085 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-7547 – oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7547
05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-24-1087 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-7542 – oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7542
05 Aug 2024 — An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1082 • CWE-457: Use of Uninitialized Variable •
CVE-2024-6315 – Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6315
05 Aug 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/blox-page-builder/trunk/inc_php/unitecreator_assets.class.php?rev=1866874#L979 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-7543 – oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7543
05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-24-1083 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-7510 – Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7510
05 Aug 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1056 • CWE-416: Use After Free •