CVSS: 8.3EPSS: 0%CPEs: 20EXPL: 0CVE-2024-20470 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20470
02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. ... A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20449 – Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20449
02 Oct 2024 — A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. ... An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-ptrce-BUSHLbp •
CVSS: 9.0EPSS: 0%CPEs: 20EXPL: 0CVE-2024-20393 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20393
02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24122
https://notcve.org/view.php?id=CVE-2024-24122
02 Oct 2024 — A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script. • https://github.com/zty007666/Shenzhen-Yitu-Software-Yitu-Project-Management-Software/tree/0215da8db607824bc9523ce7532f8fc53ba1b40a/Remote%20Code%20Execution%20Vulnerability_02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-33209
https://notcve.org/view.php?id=CVE-2024-33209
02 Oct 2024 — An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser. • https://github.com/paragbagul111/CVE-2024-33209 •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45962
https://notcve.org/view.php?id=CVE-2024-45962
02 Oct 2024 — If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. • https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45965
https://notcve.org/view.php?id=CVE-2024-45965
02 Oct 2024 — Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted javascript to the target. • https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 19EXPL: 0CVE-2024-9403 – firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131
https://notcve.org/view.php?id=CVE-2024-9403
01 Oct 2024 — Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ... Some of these bugs show evidence of memory corruption and we presume that with enough effort, some of these could be exploited to run arbitrary code. Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1917807 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9395 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-9395
01 Oct 2024 — Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1906024 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9391 – Gentoo Linux Security Advisory 202412-06
https://notcve.org/view.php?id=CVE-2024-9391
01 Oct 2024 — Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. • https://bugzilla.mozilla.org/show_bug.cgi?id=1892407 • CWE-290: Authentication Bypass by Spoofing •