CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23151 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23151
18 Jun 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attac... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-36999 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-36999
18 Jun 2024 — A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. ... A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An atta... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23158 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23158
18 Jun 2024 — A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36973 – misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()
https://notcve.org/view.php?id=CVE-2024-36973
17 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/393fc2f5948fd340d016a9557eea6e1ac2f6c60c •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36580
https://notcve.org/view.php?id=CVE-2024-36580
17 Jun 2024 — A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. • https://gist.github.com/mestrtee/a75d75eca4622ad08f7cfa903a6cc9c3 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37848
https://notcve.org/view.php?id=CVE-2024-37848
17 Jun 2024 — SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/13 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37058
https://notcve.org/view.php?id=CVE-2023-37058
17 Jun 2024 — Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command. • https://github.com/ri5c/Jlink-Router-RCE •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37840
https://notcve.org/view.php?id=CVE-2024-37840
17 Jun 2024 — SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. Vulnerabilidad de inyección SQL en Processscore.php en Itsourcecode Learning Management System Project In PHP With Source Code v1.0 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro LessonID. • https://github.com/ganzhi-qcy/cve/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-34833 – Payroll Management System 1.0 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-34833
17 Jun 2024 — Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server. ... Payroll Management System version 1.0 suffers from a remote code execution vulnerability. • https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36583
https://notcve.org/view.php?id=CVE-2024-36583
17 Jun 2024 — A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. • https://gist.github.com/mestrtee/97bc2fbfbcbde3a54d5536c9adeee34c • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •