CVE-2024-27828
https://notcve.org/view.php?id=CVE-2024-27828
An app may be able to execute arbitrary code with kernel privileges.
• http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214108 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/HT214102 https://support.apple.com/kb/HT214104 https://support.apple.com/kb/HT214108
• CWE-786: Access of Memory Location Before Start of Buffer; CWE-788: Access of Memory Location After End of Buffer
CVE-2024-27833 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2024-27833
Processing maliciously crafted web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.
• http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214100 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214103 https://support.apple.com/en-us/HT214108 https://access.redhat.com/security/cve/CVE-2024-27833 https://bugzilla.redhat.com/show_bug.cgi?id=2314700
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-190: Integer Overflow or Wraparound
CVE-2024-36418 – SuiteCRM authenticated RCE using connectors
https://notcve.org/view.php?id=CVE-2024-36418
Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack.
• https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-mfj5-37v4-vh5w
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-36415 – SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution
https://notcve.org/view.php?id=CVE-2024-36415
Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution.
• https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'); CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-35307 – Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
https://notcve.org/view.php?id=CVE-2024-35307
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server.
• https://pandorafms.com/en/security/common-vulnerabilities-and-exposures
• CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')