CVE-2024-13044 – Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13044
30 Dec 2024 — Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. ... An attacker can leverage this vulnerability to execute code in the context of the current ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1728 • CWE-787: Out-of-bounds Write •
CVE-2024-7074 – WSO2 API Manager SynapseArtifactUploaderAdmin Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7074
30 Dec 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. •
CVE-2024-13049 – Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13049
30 Dec 2024 — Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. ... An attacker can leverage this vulnerability to execute code in the context of the current proce... • https://www.zerodayinitiative.com/advisories/ZDI-24-1733 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-12753 – Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12753
30 Dec 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.foxit.com/support/security-bulletins.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-13046 – Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13046
30 Dec 2024 — Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. ... An attacker can leverage this vulnerability to execute code in the context of the current ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1730 • CWE-787: Out-of-bounds Write •
CVE-2024-56732 – HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer
https://notcve.org/view.php?id=CVE-2024-56732
27 Dec 2024 — A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-53164 – net: sched: fix ordering of qlen adjustment
https://notcve.org/view.php?id=CVE-2024-53164
27 Dec 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/44782565e1e6174c94bddfa72ac7267cd09c1648 •
CVE-2024-50717
https://notcve.org/view.php?id=CVE-2024-50717
27 Dec 2024 — SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. • https://packetstorm.news/files/id/182449 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-50716
https://notcve.org/view.php?id=CVE-2024-50716
27 Dec 2024 — SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component. • https://packetstorm.news/files/id/182449 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-12908
https://notcve.org/view.php?id=CVE-2024-12908
26 Dec 2024 — If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a malicious document which could trigger the vulnerable handler, allowing them to execute arbitrary code on the user's machine. ... • remote-code-execution-via-update-process • CWE-94: Improper Control of Generation of Code ('Code Injection') •