CVE-2024-39563 – Junos Space: Remote Command Execution (RCE) vulnerability in web application
https://notcve.org/view.php?id=CVE-2024-39563
11 Oct 2024 — A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. • https://supportportal.juniper.net/JSA88110 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-8531 – Schneider Electric EcoStruxure Data Center Expert Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8531
11 Oct 2024 — The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2024-21534 – jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization
https://notcve.org/view.php?id=CVE-2024-21534
11 Oct 2024 — All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. ... This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issu... • https://github.com/pabloopez/CVE-2024-21534 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-42640
https://notcve.org/view.php?id=CVE-2024-42640
11 Oct 2024 — angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. ... This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. • https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-44731
https://notcve.org/view.php?id=CVE-2024-44731
11 Oct 2024 — Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections. • https://aware7.com/de/blog/schwachstellen-in-videokonferenzsystemen • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-46088
https://notcve.org/view.php?id=CVE-2024-46088
11 Oct 2024 — An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. • http://zhejiang.com • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-46532
https://notcve.org/view.php?id=CVE-2024-46532
11 Oct 2024 — SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. • https://github.com/KamenRiderDarker/CVE-2024-46532 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-9258 – IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9258
11 Oct 2024 — IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1370 • CWE-824: Access of Uninitialized Pointer •
CVE-2024-9259 – IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9259
11 Oct 2024 — IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1372 • CWE-787: Out-of-bounds Write •
CVE-2024-9260 – IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9260
11 Oct 2024 — IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1373 • CWE-787: Out-of-bounds Write •