
CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Dec 2024 — Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 1

03 Dec 2024 — An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. • https://github.com/mansk1es/CVE-2024-29404_Razer • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Dec 2024 — An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file. • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

03 Dec 2024 — An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. • https://github.com/EchoSl0w/Research/blob/main/2024/CVE-2024-46625.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

03 Dec 2024 — Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. • https://github.com/Gelcon/PoC-of-Hodoku-V2.3.0-RCE • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-125: Out-of-bounds Read •

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-787: Out-of-bounds Write •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2024 — unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. • https://github.com/EDM115/unzip-bot/commit/5213b693eabb562842cdbf21c1074e91bfa00274 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2024 — In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 • CWE-648: Incorrect Use of Privileged APIs •