
CVSS: 9.8 • EPSS: 0% • CPEs: 11 • EXPL: 0

Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. • https://cert-portal.siemens.com/productcert/html/ssa-928984.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

TenderDocTransfer from Chunghwa Telecom has a reflected cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Because the APIs lack CSRF protection, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user's browser. Since the web server set up by the application supports Node.js features, attackers can further leverage this to run OS commands. • https://www.twcert.org.tw/en/cp-139-8299-42168-2.html https://www.twcert.org.tw/tw/cp-132-8292-4fd98-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1 • EPSS: 0% • CPEs: - • EXPL: 0

These are executed, leading to Remote Code Execution. • https://servicedesk.logpoint.com/hc/en-us/articles/22137632418845-Remote-Code-Execution-while-creating-Universal-Normalizer • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.1 • EPSS: 0% • CPEs: - • EXPL: 0

These are executed when the backup process is initiated, leading to Remote Code Execution. • https://servicedesk.logpoint.com/hc/en-us/articles/22136886421277-Remote-Code-Execution-while-creating-Report-Templates • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 1

Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. • https://github.com/laskdjlaskdj12/CVE-2024-29671-POC https://ez-net.co.kr/new_2012/customer/download_view.php?cid=&sid=&goods=&cate=&q=Ax1500&seq=228 https://gist.github.com/laskdjlaskdj12/4afc8b5d75640bd28eaf32de3ceda48a • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •