CVE-2024-45402 – Picotls double free
https://notcve.org/view.php?id=CVE-2024-45402
However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. • https://github.com/h2o/picotls/commit/9b88159ce763d680e4a13b6e8f3171ae923a535d https://github.com/h2o/picotls/security/advisories/GHSA-w7c8-wjx9-vvvv • CWE-415: Double Free •
CVE-2024-21534
https://notcve.org/view.php?id=CVE-2024-21534
Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** The unsafe behavior is still available after applying the fix but it is not turned on by default. • https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019 https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-44414
https://notcve.org/view.php?id=CVE-2024-44414
A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection. • https://github.com/IotChan/cve/blob/main/wayos/FBM_292W/CVE-2024-44414 https://github.com/IotChan/cve/blob/main/wayos/FBM_292W/wayos%20FBM_292W.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-47425 – Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2024-47425
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/framemaker/apsb24-82.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2024-47423 – Adobe Framemaker | Unrestricted Upload of File with Dangerous Type (CWE-434)
https://notcve.org/view.php?id=CVE-2024-47423
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. • https://helpx.adobe.com/security/products/framemaker/apsb24-82.html • CWE-434: Unrestricted Upload of File with Dangerous Type •