CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11156 – Rockwell Automation Arena® Out of Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-11156
05 Dec 2024 — An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11155 – Rockwell Automation Arena® Use After Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-11155
05 Dec 2024 — A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execu... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12235 – Shenzhen Dashi Tongzhou Information Technology AgileBPM AuthorizationTokenCheckFilter.java doFilter access control
https://notcve.org/view.php?id=CVE-2024-12235
05 Dec 2024 — A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \agile-bpm-basic-master\ab-auth\ab-auth-spring-security-oauth2\src\main\java\com\dstz\auth\filter\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. • https://github.com/sweatxi/rce/blob/main/AgileBPM_vertical_overreach.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12232 – code-projects Simple CRUD Functionality index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12232
05 Dec 2024 — A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. ... In code-projects Simple CRUD Functionality 1.0 wurde eine problematische Schwachstelle gefunden. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2024-48840 – Unauthorized Access
https://notcve.org/view.php?id=CVE-2024-48840
05 Dec 2024 — Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 suffers from an unauthenticated shell command execution vulnerability through the deployStart.php script. This allows any user to trigger the execution of rundeploy.sh script, which initializes the Java deployment server that sets various configurations, potentially causing unaut... • https://packetstorm.news/files/id/183179 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 6CVE-2024-48839 – Remote Code Execution, RCE
https://notcve.org/view.php?id=CVE-2024-48839
05 Dec 2024 — Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 ABB Cylon Aspect version 3.08.02 is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. ... This... • https://packetstorm.news/files/id/183448 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41137 – Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore
https://notcve.org/view.php?id=CVE-2022-41137
05 Dec 2024 — Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54223 – WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-54223
05 Dec 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1. • https://patchstack.com/database/wordpress/plugin/arforms-form-builder/vulnerability/wordpress-arforms-plugin-1-7-1-html-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-37862
https://notcve.org/view.php?id=CVE-2024-37862
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10681 – ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-10681
05 Dec 2024 — The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. ... This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3199747/armember-membership/trunk/core/classes/class.arm_shortcodes.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •