CVE-2024-20316
https://notcve.org/view.php?id=CVE-2024-20316
Esta vulnerabilidad se debe al manejo inadecuado de las condiciones de error cuando un administrador de dispositivo autorizado exitosamente actualiza una ACL IPv4 usando el protocolo NETCONF o RESTCONF, y la actualización reordenaría las entradas de control de acceso (ACE) en la ACL actualizada. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz • CWE-390: Detection of Error Condition Without Action •
CVE-2024-2097
https://notcve.org/view.php?id=CVE-2024-2097
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. El cliente de control de lista autenticado puede ejecutar la consulta LINQ en el servidor SCM para presentar el evento como una lista para el operador. Un cliente malicioso autenticado puede enviar una consulta LINQ especial para ejecutar código arbitrario de forma remota (RCE) en el servidor SCM para lo cual, de otro modo, un atacante no tendría autorización. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0400
https://notcve.org/view.php?id=CVE-2024-0400
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability. El software SCM es una aplicación cliente y servidor. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-2209 – HP Printer Firmware Update Utility for Certain HP DeskJet Printers - Potential Execution of Arbitrary Code
https://notcve.org/view.php?id=CVE-2024-2209
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. • https://support.hp.com/us-en/document/ish_10354903-10354932-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-21912 – Rockwell Automation Arena Simulation vulnerable to out of bounds write
https://notcve.org/view.php?id=CVE-2024-21912
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-787: Out-of-bounds Write •