CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8638 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8638
11 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8637 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8637
11 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8636 – Debian Security Advisory 5768-1
https://notcve.org/view.php?id=CVE-2024-8636
11 Sep 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html • CWE-122: Heap-based Buffer Overflow CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31336
https://notcve.org/view.php?id=CVE-2024-31336
11 Sep 2024 — In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. • https://source.android.com/security/bulletin/2024-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44466
https://notcve.org/view.php?id=CVE-2024-44466
11 Sep 2024 — COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. • https://github.com/CurryRaid/iot_vul/tree/main/comfast • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44570
https://notcve.org/view.php?id=CVE-2024-44570
11 Sep 2024 — RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php. • http://system-on-chip.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44107
https://notcve.org/view.php?id=CVE-2024-44107
10 Sep 2024 — DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-43469 – Azure CycleCloud Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43469
10 Sep 2024 — Azure CycleCloud Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43469 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-8443 – Libopensc: heap buffer overflow in openpgp driver when generating key
https://notcve.org/view.php?id=CVE-2024-8443
10 Sep 2024 — A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution. • https://access.redhat.com/security/cve/CVE-2024-8443 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8258 – Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
https://notcve.org/view.php?id=CVE-2024-8258
10 Sep 2024 — Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. • https://www.electronjs.org/docs/latest/tutorial/fuses • CWE-94: Improper Control of Generation of Code ('Code Injection') •