CVE-2024-44308 – Apple Multiple Products Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-44308
19 Nov 2024 — Processing maliciously crafted web content may lead to arbitrary code execution. ... If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may le... • https://support.apple.com/en-us/121752 •
CVE-2024-44307
https://notcve.org/view.php?id=CVE-2024-44307
19 Nov 2024 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120911 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-44306
https://notcve.org/view.php?id=CVE-2024-44306
19 Nov 2024 — An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/120911 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-9433
https://notcve.org/view.php?id=CVE-2018-9433
19 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-07-01 • CWE-116: Improper Encoding or Escaping of Output •
CVE-2018-9411
https://notcve.org/view.php?id=CVE-2018-9411
19 Nov 2024 — This could lead to remote arbitrary code execution with no additional execution privileges needed. • https://github.com/tamirzb/CVE-2018-9411 • CWE-787: Out-of-bounds Write •
CVE-2018-9365
https://notcve.org/view.php?id=CVE-2018-9365
19 Nov 2024 — In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-07-01 • CWE-125: Out-of-bounds Read •
CVE-2024-21697
https://notcve.org/view.php?id=CVE-2024-21697
19 Nov 2024 — This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. • https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091 •
CVE-2018-9341
https://notcve.org/view.php?id=CVE-2018-9341
19 Nov 2024 — This could lead to remote arbitrary code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-06-01 • CWE-787: Out-of-bounds Write •
CVE-2024-48992 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48992
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f • CWE-427: Uncontrolled Search Path Element •
CVE-2024-48991 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48991
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). • https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59 •