CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45291 – Path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheet
https://notcve.org/view.php?id=CVE-2024-45291
Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4 • CWE-36: Absolute Path Traversal CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-31449 – Lua library commands may lead to stack overflow and RCE in Redis
https://notcve.org/view.php?id=CVE-2024-31449
An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. • https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5 • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-47559 – Authenticated RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47559
Authenticated RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-47558 – Authenticated RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47558
Authenticated RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-47557 – Pre-Auth RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47557
Pre-Auth RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •