CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-5875 – IrfanView SHP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5875
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5836
https://notcve.org/view.php?id=CVE-2024-5836
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/341875171 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5834
https://notcve.org/view.php?id=CVE-2024-5834
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/342840932 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28877 – MicroDicom DICOM Viewer Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-28877
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-163-01 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37301 – document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
https://notcve.org/view.php?id=CVE-2024-37301
Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. • https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074 https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •