
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Dec 2024 — An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file • https://github.com/ZackSecurity/VulnerReport/blob/cve/DCN/2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

03 Dec 2024 — Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. • https://github.com/Gelcon/PoC-of-Hodoku-V2.3.0-RCE • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 1

03 Dec 2024 — An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. • https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

03 Dec 2024 — An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. • https://github.com/EchoSl0w/Research/blob/main/2024/CVE-2024-46625.md • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-125: Out-of-bounds Read

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

02 Dec 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel/2018-07-01 • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2024 — unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. • https://github.com/EDM115/unzip-bot/commit/5213b693eabb562842cdbf21c1074e91bfa00274 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2024 — In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 • CWE-648: Incorrect Use of Privileged APIs

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2024 — In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 • CWE-16: Configuration • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-73: External Control of File Name or Path