CVE-2024-23957 – Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23957
Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. ... An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23241 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.zerodayinitiative.com/advisories/ZDI-24-854 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-6246 – Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6246
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. ... An attacker can leverage this vulnerability to execute code in the context of the kernel. •
CVE-2024-39352 – Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-39352
This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-863: Incorrect Authorization •
CVE-2024-23923 – Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23923
Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22945 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-844 • CWE-416: Use After Free •
CVE-2024-37672
https://notcve.org/view.php?id=CVE-2024-37672
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter. • http://docubase.com http://tessi.com https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37672.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •