CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11787 – Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11787
27 Nov 2024 — Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. ... An attacker can leverage this vulnerability to execute cod... • https://www.zerodayinitiative.com/advisories/ZDI-24-1614 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11798 – Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11798
27 Nov 2024 — Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. ... An attacker can leverage this vulnerability to execute code in ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1624 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-53604
https://notcve.org/view.php?id=CVE-2024-53604
27 Nov 2024 — A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/COVID19/SQL%20Injection%20vulnerability%20mo.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53920
https://notcve.org/view.php?id=CVE-2024-53920
27 Nov 2024 — In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) • https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53849 – Several stack buffer overflows and pointer overflows in editorconfig-core-c
https://notcve.org/view.php?id=CVE-2024-53849
26 Nov 2024 — An attacker could possibly use these issues to cause a denial of service, or execute arbitrary code. • http://editorconfig.org • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53673 – Hewlett Packard Enterprise Insight Remote Support DESTA Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-53673
26 Nov 2024 — A java deserialization vulnerability in HPE Remote Insight Support allows an unauthenticated attacker to execute code. A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. ... An attacker can leverage this vulnerability to execute ... • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11145 – Easy Folder Listing Pro deserialization vulnerability
https://notcve.org/view.php?id=CVE-2024-11145
26 Nov 2024 — Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! • https://github.com/cisagov/CSAF/blob/develop/csaf_files/IT/white/2024/va-24-331-01.json • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11699 – firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5
https://notcve.org/view.php?id=CVE-2024-11699
26 Nov 2024 — Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ... Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. ... If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information acr... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11708 – Ubuntu Security Notice USN-7134-1
https://notcve.org/view.php?id=CVE-2024-11708
26 Nov 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1922912 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11706 – Ubuntu Security Notice USN-7134-1
https://notcve.org/view.php?id=CVE-2024-11706
26 Nov 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1923767 • CWE-476: NULL Pointer Dereference •