NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVE-2024-46986 – Arbitrary file write leading to RCE in Camaleon CMS
https://notcve.org/view.php?id=CVE-2024-46986
This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. • https://codeql.github.com/codeql-query-help/ruby/rb-path-injection https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5 https://owasp.org/www-community/attacks/Path_Traversal https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-34026
https://notcve.org/view.php?id=CVE-2024-34026
A specially crafted EtherNet/IP request can lead to remote code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2005 • CWE-121: Stack-based Buffer Overflow •
CVE-2024-45679
https://notcve.org/view.php?id=CVE-2024-45679
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. • https://github.com/assimp/assimp/releases/tag/v5.4.3 https://jvn.jp/en/jp/JVN42386607 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-35515
https://notcve.org/view.php?id=CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict https://wha13.github.io/2024/06/13/mfcve • CWE-94: Improper Control of Generation of Code ('Code Injection') •