
CVE-2024-27833 – Apple Safari B3 JIT Compiler Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27833
10 Jun 2024 — Processing maliciously crafted web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. ... An ... • http://seclists.org/fulldisclosure/2024/Jun/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVE-2024-36418 – SuiteCRM authenticated RCE using connectors
https://notcve.org/view.php?id=CVE-2024-36418
10 Jun 2024 — Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-mfj5-37v4-vh5w • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-36415 – SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution
https://notcve.org/view.php?id=CVE-2024-36415
10 Jun 2024 — Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-c82f-58jv-jfrh • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-35307 – Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
https://notcve.org/view.php?id=CVE-2024-35307
10 Jun 2024 — Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2024-36971 – Android Kernel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-36971
10 Jun 2024 — Android contains an unspecified vulnerability in the kernel that allows for remote code execution. • https://git.kernel.org/stable/c/a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314 • CWE-416: Use After Free •

CVE-2024-32501 – Centreon updateServiceHost_MC SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32501
10 Jun 2024 — A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. ... An attacker can leverage this vulnerability to execute code in the context of the apache user. • https://centreon.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-51634 – NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51634
10 Jun 2024 — NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 • CWE-295: Improper Certificate Validation •

CVE-2023-51635 – NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51635
10 Jun 2024 — NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. ... An attacker can leverage this vulnerability to execute code in the context of roo... • https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 • CWE-121: Stack-based Buffer Overflow •

CVE-2023-39179 – Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-39179
10 Jun 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://access.redhat.com/security/cve/CVE-2023-39179 • CWE-125: Out-of-bounds Read •

CVE-2024-37014
https://notcve.org/view.php?id=CVE-2024-37014
10 Jun 2024 — Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. • https://github.com/langflow-ai/langflow/issues/1973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •