CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12695 – Debian Security Advisory 5834-1
https://notcve.org/view.php?id=CVE-2024-12695
18 Dec 2024 — Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. ... (Gravedad de seguridad de Chromium: alta) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12694 – Debian Security Advisory 5834-1
https://notcve.org/view.php?id=CVE-2024-12694
18 Dec 2024 — Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ... (Gravedad de seguridad de Chromium: Alta) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12693 – Debian Security Advisory 5834-1
https://notcve.org/view.php?id=CVE-2024-12693
18 Dec 2024 — Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. ... (Gravedad de seguridad de Chromium: alta) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12692 – Debian Security Advisory 5834-1
https://notcve.org/view.php?id=CVE-2024-12692
18 Dec 2024 — Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ... (Gravedad de seguridad de Chromium: alta) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2024-56145 – RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
https://notcve.org/view.php?id=CVE-2024-56145
18 Dec 2024 — For these users an unspecified remote code execution vector is present. ... For these users an unspecified remote code execution vector is present. • https://github.com/Sachinart/CVE-2024-56145-craftcms-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-12741 – Deserialization Of Untrusted Data Vulnerability In NI DAAQAExpress Project File
https://notcve.org/view.php?id=CVE-2024-12741
18 Dec 2024 — A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. ... A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. • https://knowledge.ni.com/KnowledgeArticleDetails?id=kA00Z000000kFD7SAM&l=en-US • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55952 – Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-55952
18 Dec 2024 — Authenticated users can remotely execute code through the backend JDBC connection. • https://github.com/dataease/dataease/commit/0db4872a52eccf6e83dd9359aa05db52dd580ec1 • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-56051 – WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-56051
18 Dec 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-student-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-12372 – Rockwell Automation PowerMonitor™ 1000 Denial of Service
https://notcve.org/view.php?id=CVE-2024-12372
18 Dec 2024 — A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2024-12371 – Rockwell Automation PowerMonitor™ 1000 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-12371
18 Dec 2024 — A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html • CWE-306: Missing Authentication for Critical Function •