CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2097
https://notcve.org/view.php?id=CVE-2024-2097
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. El cliente de control de lista autenticado puede ejecutar la consulta LINQ en el servidor SCM para presentar el evento como una lista para el operador. Un cliente malicioso autenticado puede enviar una consulta LINQ especial para ejecutar código arbitrario de forma remota (RCE) en el servidor SCM para lo cual, de otro modo, un atacante no tendría autorización. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0400
https://notcve.org/view.php?id=CVE-2024-0400
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability. El software SCM es una aplicación cliente y servidor. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000189&languageCode=en&Preview=true • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-2209 – HP Printer Firmware Update Utility for Certain HP DeskJet Printers - Potential Execution of Arbitrary Code
https://notcve.org/view.php?id=CVE-2024-2209
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. • https://support.hp.com/us-en/document/ish_10354903-10354932-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-21912 – Rockwell Automation Arena Simulation vulnerable to out of bounds write
https://notcve.org/view.php?id=CVE-2024-21912
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41973 – Lack of input santization on Zscaler Client Connector enables arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-41973
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. ZSATray pasa el nombre del instalador anterior como parámetro de configuración a TrayManager, y TrayManager construye la ruta y agrega el nombre del instalador anterior para obtener la ruta completa del archivo ejecutable. Versión fija: Win ZApp 4.3.0.121 y posteriores. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •