CVE-2024-47134
https://notcve.org/view.php?id=CVE-2024-47134
Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 https://www.electronics.jtekt.co.jp/en/topics/202410026928 https://www.electronics.jtekt.co.jp/jp/topics/2024100217388 • CWE-787: Out-of-bounds Write •
CVE-2024-28888
https://notcve.org/view.php?id=CVE-2024-28888
Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1967 https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVE-2024-9174 – Stored HTML Injection in Hubshare social module
https://notcve.org/view.php?id=CVE-2024-9174
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows an authenticated user to spoof the UI • https://product.m-files.com/security-advisories/cve-2024-9174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-45186
https://notcve.org/view.php?id=CVE-2024-45186
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. • https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-9394 – firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
https://notcve.org/view.php?id=CVE-2024-9394
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1918874 https://www.mozilla.org/security/advisories/mfsa2024-46 https://www.mozilla.org/security/advisories/mfsa2024-47 https://www.mozilla.org/security/advisories/mfsa2024-48 https://www.mozilla.org/security/advisories/mfsa2024-49 https://www.mozilla.org/security/advisories/mfsa2024-50 https://access.redhat.com/security/cve/CVE-2024-9394 https://bugzilla.redhat.com/show_bug.cgi?id=2315957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •