
CVE-2024-52567 – Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52567
18 Nov 2024 — This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-24237) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-824503.html • CWE-125: Out-of-bounds Read

CVE-2024-52566 – Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52566
18 Nov 2024 — This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-24233) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-824503.html • CWE-787: Out-of-bounds Write

CVE-2024-52565 – Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52565
18 Nov 2024 — This could allow an attacker to execute code in the context of the current process. ... (ZDI-CAN-24231) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-824503.html • CWE-787: Out-of-bounds Write

CVE-2024-41151 – Apache HertzBeat: RCE by notice template injection vulnerability
https://notcve.org/view.php?id=CVE-2024-41151
18 Nov 2024 — Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj • CWE-502: Deserialization of Untrusted Data

CVE-2024-45505 – Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
https://notcve.org/view.php?id=CVE-2024-45505
18 Nov 2024 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. • https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-47208 – Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
https://notcve.org/view.php?id=CVE-2024-47208
18 Nov 2024 — Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. • https://issues.apache.org/jira/browse/OFBIZ-13158 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2024-48962 – Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE)
https://notcve.org/view.php?id=CVE-2024-48962
18 Nov 2024 — Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. • https://issues.apache.org/jira/browse/OFBIZ-13162 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVE-2024-11315 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11315
18 Nov 2024 — This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8255-0bb1a-2.html • CWE-23: Relative Path Traversal • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-11314 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11314
18 Nov 2024 — This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8253-bc363-2.html • CWE-23: Relative Path Traversal • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-11313 – TRCore DVC - Arbitrary File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11313
18 Nov 2024 — This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html • CWE-23: Relative Path Traversal • CWE-434: Unrestricted Upload of File with Dangerous Type