CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47559 – Authenticated RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47559
07 Oct 2024 — Authenticated RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47558 – Authenticated RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47558
07 Oct 2024 — Authenticated RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47557 – Pre-Auth RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47557
07 Oct 2024 — Pre-Auth RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47556 – Pre-Auth RCE via Path Traversal
https://notcve.org/view.php?id=CVE-2024-47556
07 Oct 2024 — Pre-Auth RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6362
https://notcve.org/view.php?id=CVE-2023-6362
07 Oct 2024 — This could allow attackers to execute arbitrary code via a long filename argument. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6361
https://notcve.org/view.php?id=CVE-2023-6361
07 Oct 2024 — This could allow attackers to execute arbitrary code via a long filename argument. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winhex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-20103
https://notcve.org/view.php?id=CVE-2024-20103
07 Oct 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-20101
https://notcve.org/view.php?id=CVE-2024-20101
07 Oct 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-20100
https://notcve.org/view.php?id=CVE-2024-20100
07 Oct 2024 — This could lead to remote code execution with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45933
https://notcve.org/view.php?id=CVE-2024-45933
07 Oct 2024 — OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. • http://TobeReleased.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •