CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22127 – Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)
https://notcve.org/view.php?id=CVE-2024-22127
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application. SAP NetWeaver Administrator AS Java (complemento Administrator Log Viewer): versión 7.50, permite a un atacante con altos privilegios cargar archivos potencialmente peligrosos, lo que conduce a una vulnerabilidad de inyección de comandos. Esto permitiría al atacante ejecutar comandos que pueden causar un gran impacto en la confidencialidad, integridad y disponibilidad de la aplicación. • https://me.sap.com/notes/3433192 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22144 – WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability
https://notcve.org/view.php?id=CVE-2024-22144
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. • https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve https://sec.stealthcopter.com/cve-2024-22144 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1696 – Santesoft Sante FFT Imaging Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2024-1696
In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2022-46070
https://notcve.org/view.php?id=CVE-2022-46070
GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. GV-ASManager V6.0.1.0 contiene una vulnerabilidad de inclusión de archivos locales en GeoWebServer a través de Path. • https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-23278
https://notcve.org/view.php?id=CVE-2024-23278
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/24 http://seclists.org/fulldisclosure/2024/Mar/25 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214085 https://support.apple.com/en-us/HT214086 https://support.apple.com/en-us/HT214088 https://support.apple.com/kb&#x • CWE-94: Improper Control of Generation of Code ('Code Injection') •