
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4. • http://www.openwall.com/lists/oss-security/2024/07/18/1 https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0

NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-902 https://kb.netgear.com/000066231/Security-Advisory-for-SQL-Injection-on-the-NMS300-PSV-2024-0018 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 0

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-903 • CWE-787: Out-of-bounds Write

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. • http://kropov.com/calculator-boilerplate-cve.txt • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 0

IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... • https://www.zerodayinitiative.com/advisories/ZDI-24-904 • CWE-787: Out-of-bounds Write