CVE-2024-54506
https://notcve.org/view.php?id=CVE-2024-54506
An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. • https://support.apple.com/en-us/121839 • CWE-125: Out-of-bounds Read •
CVE-2024-44242
https://notcve.org/view.php?id=CVE-2024-44242
An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. • https://support.apple.com/en-us/121563 • CWE-787: Out-of-bounds Write •
CVE-2024-55652 – PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters
https://notcve.org/view.php?id=CVE-2024-55652
Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. • https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260 https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6 https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-47606 – GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2024-47606
This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch https://gstreamer.freedesktop.org/security/sa-2024-0014.html https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer https://access.redhat.com/security/cve/CVE-2024-47606 https://bugzilla.redhat.com/show_bug.cgi?id=2331760 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-42448
https://notcve.org/view.php?id=CVE-2024-42448
From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://github.com/h3lye/CVE-2024-42448-RCE https://github.com/zetraxz/CVE-2024-42448 https://www.veeam.com/kb4679 • CWE-94: Improper Control of Generation of Code ('Code Injection') •