
CVE-2024-28121 – Reflex arbitrary method call in stimulus_reflex
https://notcve.org/view.php?id=CVE-2024-28121
12 Mar 2024 — StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability. • https://packetstorm.news/files/id/177595 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVE-2024-22127 – Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)
https://notcve.org/view.php?id=CVE-2024-22127
12 Mar 2024 — SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in), version 7.50, allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application. • https://me.sap.com/notes/3433192 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-22144 – WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability
https://notcve.org/view.php?id=CVE-2024-22144
12 Mar 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. • https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-1696 – Santesoft Sante FFT Imaging Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2024-1696
11 Mar 2024 — In Santesoft Sante FFT Imaging versions 1.4.1 and prior, once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01 • CWE-787: Out-of-bounds Write •

CVE-2022-46070
https://notcve.org/view.php?id=CVE-2022-46070
11 Mar 2024 — GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. • https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-23263 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23263
08 Mar 2024 — Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/20 • CWE-20: Improper Input Validation •

CVE-2024-23280 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23280
08 Mar 2024 — Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/20 •

CVE-2024-23278 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23278
08 Mar 2024 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-23254 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23254
08 Mar 2024 — Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/20 •

CVE-2024-23258 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23258
08 Mar 2024 — Processing an image may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-125: Out-of-bounds Read •