CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49611 – WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49611
The Product Website Showcase plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/product-websites-showcase/wordpress-product-website-showcase-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7994 – Stack-Based Buffer Overflow Vulnerability in Autodesk Revit
https://notcve.org/view.php?id=CVE-2024-7994
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7993 – Out-of-Bounds Write Vulnerability in Autodesk Revit
https://notcve.org/view.php?id=CVE-2024-7993
A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0018 • CWE-787: Out-of-bounds Write •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47836 – Admidio vulnerable to HTML Injection In The Messages Section
https://notcve.org/view.php?id=CVE-2024-47836
Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. • https://github.com/Admidio/admidio/security/advisories/GHSA-7c4c-749j-pfp2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9143 – Low-level invalid GF(2^m) parameters lead to OOB memory access
https://notcve.org/view.php?id=CVE-2024-9143
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. ... Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. • https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712 https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700 https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4 https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154 https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41 https://openssl-library.org/news/secadv/20241016.txt • CWE-787: Out-of-bounds Write •