CVE-2018-9433
https://notcve.org/view.php?id=CVE-2018-9433
19 Nov 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-07-01 • CWE-116: Improper Encoding or Escaping of Output •
CVE-2018-9365
https://notcve.org/view.php?id=CVE-2018-9365
19 Nov 2024 — In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-07-01 • CWE-125: Out-of-bounds Read •
CVE-2024-21697
https://notcve.org/view.php?id=CVE-2024-21697
19 Nov 2024 — This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. • https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091 •
CVE-2024-48992 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48992
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f • CWE-427: Uncontrolled Search Path Element •
CVE-2024-48991 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48991
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). • https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59 •
CVE-2024-48990 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48990
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/njeru-codes/needrestart-vulnerability-poc • CWE-427: Uncontrolled Search Path Element •
CVE-2024-11003 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-11003
19 Nov 2024 — This could allow a local attacker to execute arbitrary shell commands. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/unknown-user-from/CVE-2024-11003-PoC • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-10224 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-10224
19 Nov 2024 — Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval(). ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-10204 – Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025
https://notcve.org/view.php?id=CVE-2024-10204
19 Nov 2024 — These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/vulnerability/advisories • CWE-122: Heap-based Buffer Overflow CWE-457: Use of Uninitialized Variable •
CVE-2024-48069
https://notcve.org/view.php?id=CVE-2024-48069
19 Nov 2024 — A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file. • https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •