CVE-2024-41586
https://notcve.org/view.php?id=CVE-2024-41586
03 Oct 2024 — A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. • https://www.forescout.com/resources/draybreak-draytek-research • CWE-121: Stack-based Buffer Overflow •
CVE-2024-41593
https://notcve.org/view.php?id=CVE-2024-41593
03 Oct 2024 — DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. • https://www.forescout.com/resources/draybreak-draytek-research •
CVE-2024-45514
https://notcve.org/view.php?id=CVE-2024-45514
03 Oct 2024 — Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session. ... A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. • https://wiki.zimbra.com/wiki/Security_Center • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7025 – Debian Security Advisory 5781-1
https://notcve.org/view.php?id=CVE-2024-7025
03 Oct 2024 — Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html • CWE-472: External Control of Assumed-Immutable Web Parameter •
CVE-2024-9369 – Debian Security Advisory 5781-1
https://notcve.org/view.php?id=CVE-2024-9369
03 Oct 2024 — Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2024-9441 – Linear eMerge e3-Series Forgot Password Command Injection
https://notcve.org/view.php?id=CVE-2024-9441
02 Oct 2024 — A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP. Linear eMerge e3-Series versions through 1.00-07 suffer from a remote command execution vulnerability. • https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-20521 – Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-20521
02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. ... A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV •
CVE-2024-20520 – Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-20520
02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. ... A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV •
CVE-2024-20519 – Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-20519
02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. ... A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV •
CVE-2024-20518 – Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2024-20518
02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. ... A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV •