CVE-2024-11872 – Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-11872
04 Dec 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://trello.com/c/tcS6Jcfy/578-epic-games-launcher-1720 • CWE-276: Incorrect Default Permissions •
CVE-2024-51772 – Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-51772
03 Dec 2024 — An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-51771 – Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2024-51771
03 Dec 2024 — A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-49415 – Samsung S24 APE Decoder Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-49415
03 Dec 2024 — Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. ... Note that this is a fully-remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio for transcription purposes before a user interacts with the message. • https://packetstorm.news/files/id/183463 •
CVE-2024-49410
https://notcve.org/view.php?id=CVE-2024-49410
03 Dec 2024 — Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVE-2024-29404
https://notcve.org/view.php?id=CVE-2024-29404
03 Dec 2024 — An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. • https://github.com/mansk1es/CVE-2024-29404_Razer • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-51114
https://notcve.org/view.php?id=CVE-2024-51114
03 Dec 2024 — An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file. • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-46625
https://notcve.org/view.php?id=CVE-2024-46625
03 Dec 2024 — An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. • https://github.com/EchoSl0w/Research/blob/main/2024/CVE-2024-46625.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-51363
https://notcve.org/view.php?id=CVE-2024-51363
03 Dec 2024 — Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. • https://github.com/Gelcon/PoC-of-Hodoku-V2.3.0-RCE • CWE-502: Deserialization of Untrusted Data •
CVE-2018-9430
https://notcve.org/view.php?id=CVE-2018-9430
02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-125: Out-of-bounds Read •