CVE-2024-23933 – Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23933
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238 This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 https://www.zerodayinitiative.com/advisories/ZDI-24-877 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVE-2024-23935 – Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23935
Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23249 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-848 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-37675
https://notcve.org/view.php?id=CVE-2024-37675
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. • http://docubase.com http://tessi.com https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37675.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37228 – WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-37228
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-38-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6249 – Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6249
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. ... An attacker can leverage this vulnerability to execute code in the context of root. •