CVE-2024-41961 – Elektra vulnerable to remote code execution in universal search
https://notcve.org/view.php?id=CVE-2024-41961
01 Aug 2024 — A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink that executes it. • https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-6923 – Email header injection due to unquoted newlines
https://notcve.org/view.php?id=CVE-2024-6923
01 Aug 2024 — A remote attacker could possibly use this issue to bypass certain protection mechanisms. ... A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. ... A remote attacker could possibly use this issue to perform header injection. ... • https://github.com/python/cpython/issues/121650 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-38481
https://notcve.org/view.php?id=CVE-2024-38481
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-125: Out-of-bounds Read •
CVE-2024-38490
https://notcve.org/view.php?id=CVE-2024-38490
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-38489
https://notcve.org/view.php?id=CVE-2024-38489
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-25948
https://notcve.org/view.php?id=CVE-2024-25948
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-25947
https://notcve.org/view.php?id=CVE-2024-25947
01 Aug 2024 — A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. • https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities • CWE-787: Out-of-bounds Write •
CVE-2024-7255 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7255
01 Aug 2024 — Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html • CWE-125: Out-of-bounds Read •
CVE-2024-7256 – Debian Security Advisory 5735-1
https://notcve.org/view.php?id=CVE-2024-7256
01 Aug 2024 — Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2024-7253 – NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7253
01 Aug 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kb.nomachine.com/TR07V11184 • CWE-427: Uncontrolled Search Path Element •