CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 11CVE-2024-48990 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-48990
19 Nov 2024 — Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. ... A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/njeru-codes/needrestart-vulnerability-poc • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11003 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-11003
19 Nov 2024 — A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/unknown-user-from/CVE-2024-11003-PoC • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10224 – needrestart Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-10224
19 Nov 2024 — A local attacker could possibly use this issue to execute arbitrary code as root. • https://github.com/rschupp/Module-ScanDeps/security/advisories/GHSA-g597-359q-v529 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10204 – Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025
https://notcve.org/view.php?id=CVE-2024-10204
19 Nov 2024 — These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/vulnerability/advisories • CWE-122: Heap-based Buffer Overflow CWE-457: Use of Uninitialized Variable •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48069
https://notcve.org/view.php?id=CVE-2024-48069
19 Nov 2024 — A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file. • https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48070
https://notcve.org/view.php?id=CVE-2024-48070
19 Nov 2024 — Weaver Ecology v9* was discovered to contain a SQL injection vulnerability. An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges • https://gist.github.com/CoinIsMoney/ec863c35dfd05c7deea2afea11bf2446 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48694
https://notcve.org/view.php?id=CVE-2024-48694
19 Nov 2024 — File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. • https://avd.aliyun.com/detail?id=AVD-2023-1678930 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52476 – WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52476
19 Nov 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/fediverse-embeds/vulnerability/wordpress-fediverse-embeds-plugin-1-5-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 1CVE-2024-11392 – Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11392
19 Nov 2024 — Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in th... • https://github.com/Piyush-Bhor/CVE-2024-11392 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-11393 – Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11393
19 Nov 2024 — Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code ... • https://github.com/Piyush-Bhor/CVE-2024-11393 • CWE-502: Deserialization of Untrusted Data •