CVE-2024-55504 |
Description: An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on MacOS.
EPSS Score: 0.05%
January 22nd, 2025 (5 months ago)
|
CVE-2024-54795 |
Description: SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-54794 |
Description: The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-54792 |
Description: A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editing or deleting users.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-51941 |
Description: A remote code injection vulnerability exists in the Ambari Metrics and
AMS Alerts feature, allowing authenticated users to inject and execute
arbitrary code. The vulnerability occurs when processing alert
definitions, where malicious input can be injected into the alert script
execution path. An attacker with authenticated access can exploit this
vulnerability to execute arbitrary commands on the server. The issue has
been fixed in the latest versions of Ambari.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-51417 |
Description: An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields.
EPSS Score: 0.05%
January 22nd, 2025 (5 months ago)
|
CVE-2024-49748 |
Description: In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-49747 |
Description: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-49745 |
Description: In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
CVE-2024-49744 |
Description: In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|