CVE-2024-8956 – PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-8956
If combined with CVE-2024-8957, this can lead to remote code execution as root. • https://ptzoptics.com/firmware-changelog https://vulncheck.com/advisories/ptzoptics-insufficient-auth • CWE-287: Improper Authentication •
CVE-2024-45803 – Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui
https://notcve.org/view.php?id=CVE-2024-45803
Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. ... By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. ... **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. • https://github.com/wireui/wireui/commit/784c4f110e58eb41d0f2bdecd4655ea417f16e7e https://github.com/wireui/wireui/commit/a457654912055f4dcc559da04d4e319f76b80fc5 https://github.com/wireui/wireui/security/advisories/GHSA-rw5h-g8xq-6877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-42503 – Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2024-42503
Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-42502 – Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface
https://notcve.org/view.php?id=CVE-2024-42502
An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-42501 – Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-42501
Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •