CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6451 – AI Engine < 2.5.1 - Admin+ RCE
https://notcve.org/view.php?id=CVE-2024-6451
29 Jul 2024 — AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrators to change log filetypes from .log to .php. The AI Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the /wp-json/mwai/v1/settings/update REST API endpoint. This is due to the plugin not properly validating a log path file extension allowing a ... • https://wpscan.com/vulnerability/fc06d413-a227-470c-a5b7-cdab57aeab34 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34732 – PowerVR PMR Physical Memory Handling Flaw
https://notcve.org/view.php?id=CVE-2024-34732
29 Jul 2024 — In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. • https://packetstorm.news/files/id/179768 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34733 – PowerVR DevmemXIntMapPages() / DevmemXIntUnmapPages() Integer Overflows
https://notcve.org/view.php?id=CVE-2024-34733
29 Jul 2024 — In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. • https://packetstorm.news/files/id/179769 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 6CVE-2024-37084 – CVE-2024-37084: Remote code execution in Spring Cloud Data Flow
https://notcve.org/view.php?id=CVE-2024-37084
25 Jul 2024 — In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server • https://packetstorm.news/files/id/181439 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41468
https://notcve.org/view.php?id=CVE-2024-41468
25 Jul 2024 — Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand • https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41667 – OpenAM FreeMarker template injection
https://notcve.org/view.php?id=CVE-2024-41667
24 Jul 2024 — OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `Templat... • https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32466
https://notcve.org/view.php?id=CVE-2023-32466
24 Jul 2024 — A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4081 – Memory Corruption Due to Improper Length Check in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-4081
23 Jul 2024 — A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4080 – Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll
https://notcve.org/view.php?id=CVE-2024-4080
23 Jul 2024 — A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4079 – Out of Bounds Read Due to Missing Bounds Check in LabVIEW
https://notcve.org/view.php?id=CVE-2024-4079
23 Jul 2024 — An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html • CWE-125: Out-of-bounds Read •