CVE-2024-21379 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21379
Microsoft Word Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21379 • CWE-190: Integer Overflow or Wraparound
CVE-2024-24857 – Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()
https://notcve.org/view.php?id=CVE-2024-24857
A race condition was found in the Linux kernel's net/bluetooth device driver in the conn_info_{min,max}_age_set() function. This can result in an integer overflow issue, possibly leading to Bluetooth connection abnormality or denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=8155 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://access.redhat.com/security/cve/CVE-2024-24857 https://bugzilla.redhat.com/show_bug.cgi?id=2266247 • CWE-190: Integer Overflow or Wraparound • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-20016
https://notcve.org/view.php?id=CVE-2024-20016
In ged, there is a possible out-of-bounds write due to an integer overflow. • https://corp.mediatek.com/product-security-bulletin/February-2024 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write
CVE-2024-21851 – Dsoftbus has an integer overflow vulnerability
https://notcve.org/view.php?id=CVE-2024-21851
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through an integer overflow. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-190: Integer Overflow or Wraparound
CVE-2024-21845 – Dsoftbus has an integer overflow vulnerability
https://notcve.org/view.php?id=CVE-2024-21845
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through an integer overflow. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-190: Integer Overflow or Wraparound