CVE-2024-23922 – Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23922
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 https://www.zerodayinitiative.com/advisories/ZDI-24-874 • CWE-345: Insufficient Verification of Data Authenticity
CVE-2024-37673
https://notcve.org/view.php?id=CVE-2024-37673
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the filename parameter. • http://docubase.com http://tessi.com https://github.com/MohamedAzizMSALLEMI/Docubase_Security/blob/main/CVE-2024-37673.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23972 – Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23972
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 https://www.zerodayinitiative.com/advisories/ZDI-24-876 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-39350 – Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-39350
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of user accounts. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-290: Authentication Bypass by Spoofing
CVE-2024-23933 – Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23933
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 https://www.zerodayinitiative.com/advisories/ZDI-24-877 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow