CVE-2024-20093
https://notcve.org/view.php?id=CVE-2024-20093
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-125: Out-of-bounds Read •
CVE-2024-20091
https://notcve.org/view.php?id=CVE-2024-20091
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-125: Out-of-bounds Read •
CVE-2024-45293 – XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader
https://notcve.org/view.php?id=CVE-2024-45293
On servers that allow users to upload their own Excel (XLSX) sheets, Server files and sensitive information can be disclosed by providing a crafted sheet. ... Sensitive information disclosure through the XXE on sites that allow users to upload their own excel spreadsheets, and parse them using PHPSpreadsheet's Excel parser. ... On servers that allow users to upload their own Excel (XLSX) sheets, Server files, and sensitive information can be disclosed by providing a crafted sheet. • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-6hwr-6v2f-3m88 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-47136
https://notcve.org/view.php?id=CVE-2024-47136
Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-125: Out-of-bounds Read •
CVE-2024-47135
https://notcve.org/view.php?id=CVE-2024-47135
Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-121: Stack-based Buffer Overflow •