Security Vulnerabilities - CVEs Published In October 2024
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2024-10-22
An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets.
CVSS Score
8.2
EPSS Score
0.005
Published
2024-10-22
Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`.
CVSS Score
9.8
EPSS Score
0.012
Published
2024-10-22
Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet.
CVSS Score
9.8
EPSS Score
0.021
Published
2024-10-22
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
CVSS Score
8.1
EPSS Score
0.001
Published
2024-10-22
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2024-10-22
A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.
Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability.
CVSS Score
8.4
EPSS Score
0.004
Published
2024-10-22
A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
6.5
EPSS Score
0.007
Published
2024-10-22
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-10-22
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances.
Please note: authentication is not required in order to exploit this vulnerability.
CVSS Score
9.8
EPSS Score
0.072
Published
2024-10-22