CVE-2024-49069 – Microsoft Excel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49069
Microsoft Excel Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069 • CWE-416: Use After Free
CVE-2024-54152 – Angular Expressions - Remote Code Execution when using locals
https://notcve.org/view.php?id=CVE-2024-54152
Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. • https://github.com/peerigon/angular-expressions/commit/97f7ad94006156eeb97fc942332578b6cfbf8eef https://github.com/peerigon/angular-expressions/security/advisories/GHSA-5462-4vcx-jh7j • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-49849
https://notcve.org/view.php?id=CVE-2024-49849
This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-800126.html • CWE-502: Deserialization of Untrusted Data
CVE-2024-47946 – OS Command Execution through Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-47946
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. • https://r.sec-consult.com/imageaccess https://www.imageaccess.de/?page=SupportPortal&lang=en • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-37143
https://notcve.org/view.php?id=CVE-2024-37143
An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. • https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities • CWE-59: Improper Link Resolution Before File Access ('Link Following')