CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2023-49501
https://notcve.org/view.php?id=CVE-2023-49501
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. • https://github.com/FFmpeg/FFmpeg https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY https://trac.ffmpeg.org/ticket/10686 https://trac.ffmpeg.org/ticket/10686#no1 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-50008
https://notcve.org/view.php?id=CVE-2023-50008
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component. • https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY https://trac.ffmpeg.org/ticket/10701 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-32409
https://notcve.org/view.php?id=CVE-2024-32409
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. • http://semcms.com http://www.sem-cms.com https://gitee.com/whats-the-bad-idea/cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1567 – Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload
https://notcve.org/view.php?id=CVE-2024-1567
This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible. • https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.89/classes/modules/forms/wpr-file-upload.php#L105 https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.90/classes/modules/forms/wpr-file-upload.php https://plugins.trac.wordpress.org/changeset/3056612/royal-elementor-addons/tags/1.3.95/classes/modules/forms/wpr-file-upload.php?old=3055840&old_path=royal-elementor-addons%2Ftags%2F1.3.94%2Fclasses%2Fmodules%2Fforms%2Fwpr-file-upload.php https://www.wordfence& • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-32391
https://notcve.org/view.php?id=CVE-2024-32391
Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. • https://github.com/magicblack/maccms10/issues/1133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •