CVE-2024-22268 – VMware Workstation SVGA Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-22268
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workstation. ... An attacker can leverage this vulnerability to execute code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 •
CVE-2024-22267 – VMWare Workstation VBluetoothHCI_PacketOut Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-22267
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. ... An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VBluetoothHCI_PacketOut method. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 •
CVE-2022-32502
https://notcve.org/view.php?id=CVE-2022-32502
There is a buffer overflow over the encrypted token parsing logic in the HTTP service that allows remote code execution. • https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks https://nuki.io/en/security-updates https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2 https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options • CWE-121: Stack-based Buffer Overflow •
CVE-2024-32639 – Siemens Tecnomatix Plant Simulation MODEL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32639
This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-22974) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-923361.html • CWE-787: Out-of-bounds Write •
CVE-2024-32066 – Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32066
This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578) Se ha identificado una vulnerabilidad en el componente PS/IGES Parasolid Translator (todas las versiones This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-064222.html https://cert-portal.siemens.com/productcert/html/ssa-976324.html • CWE-125: Out-of-bounds Read •