CVE-2025-0373 |
Description: On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow.
A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic.
EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2024-55417 |
Description: DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.
EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-55416 |
Description: DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.
EPSS Score: 0.07%
January 31st, 2025 (5 months ago)
|
CVE-2024-55415 |
Description: DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
EPSS Score: 0.07%
January 31st, 2025 (5 months ago)
|
CVE-2024-53615 |
Description: A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.
EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2024-44142 |
Description: The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2024-24731 |
Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-23973 |
Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-23971 |
Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
EPSS Score: 0.07%
January 31st, 2025 (5 months ago)
|
CVE-2024-23970 |
Description: This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.
EPSS Score: 0.07%
January 31st, 2025 (5 months ago)
|