Security Vulnerabilities - CVEs Published In December 2024
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process
CVSS Score
7.8
EPSS Score
0.002
Published
2024-12-05
In reboot_block_command of htc reboot_block driver, there is a possible
stack buffer overflow due to a missing bounds check. This could lead to
local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-05
In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege.
CVSS Score
9.8
EPSS Score
0.0
Published
2024-12-05
In procfile_write of gl_proc.c, there is a possible out of bounds read of a
function pointer due to an incorrect bounds check. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-05
In update_gps_sv and output_vzw_debug of
vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor
ker.c, there is a possible out of bounds write due to a missing bounds
check. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is not needed for
exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-05
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-12-05
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-05
An “out of bounds write” code execution vulnerability exists in the
Rockwell Automation Arena®
that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-12-05
An “uninitialized variable” code execution vulnerability exists in the
Rockwell Automation Arena®
that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-05
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena®
that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-12-05