CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31002
https://notcve.org/view.php?id=CVE-2024-31002
Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. • https://github.com/axiomatic-systems/Bento4/issues/939 https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-31002 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-21473 – Improper Input Validation in WIN SON
https://notcve.org/view.php?id=CVE-2024-21473
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple Qualcomm chipsets. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-24724 – Gibbon LMS v26.0.00 - SSTI vulnerability
https://notcve.org/view.php?id=CVE-2024-24724
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization. ... Gibbon version 26.0.00 suffers from a server-side template injection vulnerability that allows for remote code execution. • https://www.exploit-db.com/exploits/51962 https://gibbonedu.org/download https://packetstormsecurity.com/files/177857 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-20039
https://notcve.org/view.php?id=CVE-2024-20039
This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2024 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-2658 – Flexera Software FlexNet Publisher Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-2658
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. •