CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47543 – GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container
https://notcve.org/view.php?id=CVE-2024-47543
11 Dec 2024 — Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47541 – GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser
https://notcve.org/view.php?id=CVE-2024-47541
11 Dec 2024 — Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47540 – GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer
https://notcve.org/view.php?id=CVE-2024-47540
11 Dec 2024 — This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. ... Processing a specially crafted input file can cause the usage of uninitialized stack memory, allowing calls to uninitialized function pointers, potentially resulting in code execution or an application crash. Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch • CWE-457: Use of Uninitialized Variable •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47539 – GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a
https://notcve.org/view.php?id=CVE-2024-47539
11 Dec 2024 — This vulnerability allows a malicious third party to trigger a crash of the application and perform code execution through heap manipulation. Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-42448
https://notcve.org/view.php?id=CVE-2024-42448
11 Dec 2024 — From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. • https://github.com/h3lye/CVE-2024-42448-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12382 – Debian Security Advisory 5829-1
https://notcve.org/view.php?id=CVE-2024-12382
11 Dec 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12381 – Debian Security Advisory 5829-1
https://notcve.org/view.php?id=CVE-2024-12381
11 Dec 2024 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10910 – Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category
https://notcve.org/view.php?id=CVE-2024-10910
11 Dec 2024 — The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.5/core/ajax_fe.php#L19 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10590 – Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10590
11 Dec 2024 — The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 14CVE-2024-53677 – Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
https://notcve.org/view.php?id=CVE-2024-53677
11 Dec 2024 — An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. ... An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. • https://packetstorm.news/files/id/183165 • CWE-434: Unrestricted Upload of File with Dangerous Type •