CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44176 – Apple macOS ImageIO JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-44176
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. • https://support.apple.com/en-us/121234 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121240 https://support.apple.com/en-us/121246 https://support.apple.com/en-us/121247 https://support.apple.com/en-us/121248 https://support.apple.com/en-us/121249 https://support.apple.com/en-us/121250 •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40841 – Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-40841
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. • https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-40846 – Apple macOS AppleIntelKBLGraphicsMTLDriver Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-40846
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. • https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247 •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7104 – Remote Code Execution in SFS Consulting's ww.Winsure
https://notcve.org/view.php?id=CVE-2024-7104
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2. • https://www.usom.gov.tr/bildirim/tr-24-1475 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22399 – Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
https://notcve.org/view.php?id=CVE-2024-22399
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. • https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4 • CWE-502: Deserialization of Untrusted Data •