CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0

Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file. ... Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or arbitrary code execution by having a user of the affected product open a specially crafted file.
• https://jvn.jp/en/vu/JVNVU95439120 https://www.keyence.com/kv_vulnerability240329_en https://www.keyence.com/kv_vulnerability240924_en
• CWE-787: Out-of-bounds Write

CVSS: 9.1 | EPSS: 0% | CPEs: - | EXPL: 0

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command.
• https://raw.githubusercontent.com/MostafaSoliman/Security-Advisories/master/CVE-2024-24486
• CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-284: Improper Access Control

CVSS: 6.3 | EPSS: 0% | CPEs: - | EXPL: 0

An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality.
• https://gist.github.com/s4fv4n/f0e8eccd0ce4bd1ac109fa2481c90ee6
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: - | EXPL: 0

Cross Site Scripting (XSS) in Insurance Management System v1.0 allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.
• https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-31648.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.6 | EPSS: 0% | CPEs: - | EXPL: 0

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
• http://www.openwall.com/lists/oss-security/2024/04/15/1 https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html https://security.netapp.com/advisory/ntap-20240605-0009 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2 https://access.redhat.com/security/cve/CVE-2024-32487 https://bugzilla.redhat.com/show_bug.cgi?id=2274980
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')