CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48990 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48990
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. • https://github.com/liske/needrestart/commit/fcc9a4401392231bef4ef5ed026a0d7a275149ab https://www.cve.org/CVERecord?id=CVE-2024-48990 https://www.qualys.com/2024/11/19/needrestart/needrestart.txt • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10204 – Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025
https://notcve.org/view.php?id=CVE-2024-10204
These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/vulnerability/advisories • CWE-122: Heap-based Buffer Overflow CWE-457: Use of Uninitialized Variable •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-11392 – Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11392
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-1513 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48069
https://notcve.org/view.php?id=CVE-2024-48069
A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file. • https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1 https://github.com/stuven1989/TemporaryGuild/blob/main/guild2.md • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48694
https://notcve.org/view.php?id=CVE-2024-48694
File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. • https://avd.aliyun.com/detail?id=AVD-2023-1678930 https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/32024c5dbb7ff60fa7347cccf6ebb3763a513e7a/docs/wiki/webapp/OfficeWeb365/OfficeWeb365%20SaveDraw%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md?plain=1#L24 https://github.com/Threekiii/Vulnerability-Wiki/blob/master/docs-base/docs/webapp/OfficeWeb365-SaveDraw-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md https:/&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •