
CVE-2024-20091
https://notcve.org/view.php?id=CVE-2024-20091
07 Oct 2024 — This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-125: Out-of-bounds Read •

CVE-2024-45293 – XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader
https://notcve.org/view.php?id=CVE-2024-45293
07 Oct 2024 — On servers that allow users to upload their own Excel (XLSX) sheets, server files and sensitive information can be disclosed by providing a crafted sheet. ... Sensitive information disclosure through the XXE on sites that allow users to upload their own Excel spreadsheets and parse them using PHPSpreadsheet's Excel parser. • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-6hwr-6v2f-3m88 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-41163
https://notcve.org/view.php?id=CVE-2024-41163
03 Oct 2024 — A specially crafted HTTP request can lead to a disclosure of arbitrary files. ... A specially crafted HTTP request can lead to a disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2059 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-41922
https://notcve.org/view.php?id=CVE-2024-41922
03 Oct 2024 — A specially crafted HTTP request can result in a disclosure of arbitrary files. ... A specially crafted HTTP request can lead to a disclosure of sensitive information. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2061 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-47136
https://notcve.org/view.php?id=CVE-2024-47136
03 Oct 2024 — Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 • CWE-125: Out-of-bounds Read •

CVE-2024-47135
https://notcve.org/view.php?id=CVE-2024-47135
03 Oct 2024 — Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-47134
https://notcve.org/view.php?id=CVE-2024-47134
03 Oct 2024 — Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. • https://jvn.jp/en/vu/JVNVU92808077 • CWE-787: Out-of-bounds Write •

CVE-2024-7025 – Debian Security Advisory 5781-1
https://notcve.org/view.php?id=CVE-2024-7025
03 Oct 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html • CWE-472: External Control of Assumed-Immutable Web Parameter •

CVE-2024-9369 – Debian Security Advisory 5781-1
https://notcve.org/view.php?id=CVE-2024-9369
03 Oct 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html • CWE-1284: Improper Validation of Specified Quantity in Input •

CVE-2024-9370 – Debian Security Advisory 5781-1
https://notcve.org/view.php?id=CVE-2024-9370
03 Oct 2024 — Please see Google Chrome Releases for more information. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. •