CVE-2024-5834
https://notcve.org/view.php?id=CVE-2024-5834
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) La implementación inapropiada en Dawn en Google Chrome anterior a 126.0.6478.54 permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/342840932 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34115 – ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34115
Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html • CWE-787: Out-of-bounds Write •
CVE-2024-34405
https://notcve.org/view.php?id=CVE-2024-34405
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. Validación inadecuada de enlaces profundos en McAfee Security: Antivirus VPN para Android anterior a 8.3.0 podría permitir a un atacante iniciar una URL arbitraria dentro de la aplicación. • https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html https://www.mcafee.com/support/?page=shell&shell=article-view&articleId=000002403 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-27851 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2024-27851
Processing maliciously crafted web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to perform arbitrary code execution when processing web content. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214103 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214108 https://access.redhat.com/security/cve/CVE-2024-27851 https://bugzilla.redhat.com/show_bug.cgi?id=2314704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-27831
https://notcve.org/view.php?id=CVE-2024-27831
Processing a file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Jun/5 https://support.apple.com/en-us/HT214100 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214105 https://support.apple.com/en-us/HT214106 https://support.apple.com/en-us/HT214107 https://support.apple.com/en-us/HT214108 https://support.apple.com/kb/HT214100 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/HT214102 https://s • CWE-786: Access of Memory Location Before Start of Buffer CWE-787: Out-of-bounds Write •