CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45595 – D-Tale allows Remote Code Execution through the Query input on Chart Builder
https://notcve.org/view.php?id=CVE-2024-45595
Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. • https://github.com/man-group/dtale#custom-filter https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8 https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-33698
https://notcve.org/view.php?id=CVE-2024-33698
This could allow an unauthenticated remote attacker to execute arbitrary code. • https://cert-portal.siemens.com/productcert/html/ssa-039007.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8258 – Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
https://notcve.org/view.php?id=CVE-2024-8258
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. • https://www.electronjs.org/docs/latest/tutorial/fuses https://nvd.nist.gov/vuln/detail/CVE-2023-50643 https://nvd.nist.gov/vuln/detail/CVE-2023-49314 https://github.com/r3ggi/electroniz3r • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39381 – After Effects | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-39381
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. • https://helpx.adobe.com/security/products/after_effects/apsb24-55.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39385 – Premiere Pro | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2024-39385
An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://helpx.adobe.com/security/products/premiere_pro/apsb24-58.html • CWE-416: Use After Free •