CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56732 – HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer
https://notcve.org/view.php?id=CVE-2024-56732
27 Dec 2024 — A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53164 – net: sched: fix ordering of qlen adjustment
https://notcve.org/view.php?id=CVE-2024-53164
27 Dec 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/44782565e1e6174c94bddfa72ac7267cd09c1648 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50717
https://notcve.org/view.php?id=CVE-2024-50717
27 Dec 2024 — SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. • https://packetstorm.news/files/id/182449 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50716
https://notcve.org/view.php?id=CVE-2024-50716
27 Dec 2024 — SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component. • https://packetstorm.news/files/id/182449 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12908
https://notcve.org/view.php?id=CVE-2024-12908
26 Dec 2024 — If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a malicious document which could trigger the vulnerable handler, allowing them to execute arbitrary code on the user's machine. ... If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a malicious document which could trigger the vulnerable handler, allowing them to executeremote-code-execution-via-update-process • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54907
https://notcve.org/view.php?id=CVE-2024-54907
26 Dec 2024 — TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. • https://github.com/MnrikSrins/totolink_A3002R_RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52046 – Apache MINA: MINA applications using unbounded deserialization may allow RCE
https://notcve.org/view.php?id=CVE-2024-52046
25 Dec 2024 — This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X an... • https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41882 – Stack based buffer overflow
https://notcve.org/view.php?id=CVE-2024-41882
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. ... Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41883 – Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2024-41883
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . ... Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41884 – Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2024-41884
24 Dec 2024 — Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. ... Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-476: NULL Pointer Dereference •