CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2024-8387 – mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
https://notcve.org/view.php?id=CVE-2024-8387
03 Sep 2024 — Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8374 – Arbitrary Code Injection in Cura
https://notcve.org/view.php?id=CVE-2024-8374
03 Sep 2024 — UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). • https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42902
https://notcve.org/view.php?id=CVE-2024-42902
03 Sep 2024 — An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function • https://bugs.limesurvey.org/view.php?id=19639 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39816 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-39816
02 Sep 2024 — in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. en OpenHarmony v4.1.0 y versiones anteriores se permite a un atacante local la ejecución de código arbitrario en aplicaciones preinstaladas a través de escritura fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38386 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-38386
02 Sep 2024 — in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. en OpenHarmony v4.1.0 y versiones anteriores se permite a un atacante local la ejecución de código arbitrario en aplicaciones preinstaladas a través de escritura fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45623
https://notcve.org/view.php?id=CVE-2024-45623
02 Sep 2024 — D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 1CVE-2024-45492 – libexpat: integer overflow
https://notcve.org/view.php?id=CVE-2024-45492
30 Aug 2024 — Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://github.com/nidhihcl75/external_expat_2.6.2_CVE-2024-45492 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41369
https://notcve.org/view.php?id=CVE-2024-41369
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41368
https://notcve.org/view.php?id=CVE-2024-41368
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2396 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41364
https://notcve.org/view.php?id=CVE-2024-41364
29 Aug 2024 — RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2400 • CWE-94: Improper Control of Generation of Code ('Code Injection') •