
CVSS: 7.6 EPSS: 0% CPEs: - EXPL: 1

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. Flowise version 1.6.5 suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/52001 https://flowiseai.com • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 0

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .MHT files. The issue results from the lack of a security check on .MHT files located in shared folders. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29991 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 EPSS: 0% CPEs: 1 EXPL: 0

Wazuh is a free and open source platform used for threat prevention, detection, and response. Improper validation in the `host_deny` script allows any string to be written to the `hosts.deny` file, which can result in arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically trigger actions in response to alerts. By default, active responses are limited to a set of predefined executables. This is enforced by only allowing executables stored under `/var/ossec/active-response/bin` to be run as an active response. • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.7 EPSS: 0% CPEs: - EXPL: 0

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame. • https://ffmpeg.org https://github.com/FFmpeg/FFmpeg https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY https://trac.ffmpeg.org/ticket/10756 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 EPSS: 0% CPEs: - EXPL: 0

A successful attack may lead to an application crash or arbitrary code execution if malformed media files are opened. • https://gstreamer.freedesktop.org/security/sa-2023-0011.html https://www.zerodayinitiative.com/advisories/ZDI-24-368 https://access.redhat.com/security/cve/CVE-2023-50186 https://bugzilla.redhat.com/show_bug.cgi?id=2255639 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow