
CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 1

An app may be able to execute arbitrary code with kernel privileges. • https://github.com/R00tkitSMM/CVE-2024-27804 http://seclists.org/fulldisclosure/2024/May/10 http://seclists.org/fulldisclosure/2024/May/12 http://seclists.org/fulldisclosure/2024/May/16 http://seclists.org/fulldisclosure/2024/May/17 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/ • CWE-1325: Improperly Controlled Sequential Memory Allocation •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

Processing a file may lead to unexpected app termination or arbitrary code execution. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 • CWE-788: Access of Memory Location After End of Buffer •

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 0

An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 •

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

This allows a remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. • https://github.com/nocodb/nocodb/security/advisories/GHSA-qg73-g3cf-vhhh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in the `create_all_header_nodes()` function from `lib/api_automation.php`, finally resulting in SQL injection. Using SQL-based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •