
CVSS: 9.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2024 — Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code: an attacker can trigger remote code execution through the special "java-class" schema attribute. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. ... Issues addressed include... • https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x • CWE-502: Deserialization of Untrusted Data •
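How a schema can be gated before it reaches the Java SDK, as an added example written for this listing (it is not Avro project code): the walker below refuses any schema that carries Avro's reflect class attributes, the "java-class" attribute named in the entry plus its siblings "java-key-class" and "java-element-class", at any nesting depth. The two sample schemas are constructed, and the class name in the suspect one is a placeholder.

```python
# Added example: a pre-parse gate for Avro schemas bound for the Java SDK.
# Not Avro project code.  Avro's reflect support reads the "java-class",
# "java-key-class" and "java-element-class" attributes as names of Java classes
# to instantiate, which is the mechanism the advisory above describes; this
# walker refuses any schema carrying them.  The sample schemas are constructed
# and the class name in the suspect one is a placeholder.
import json

REFLECT_CLASS_ATTRS = frozenset({"java-class", "java-key-class", "java-element-class"})


def find_class_attrs(node, path="$"):
    """Walk a parsed schema (dicts, lists, scalars) and return
    [(json_path, attribute, value)] for every reflect class attribute found,
    at any nesting depth (field types, unions, array items, map values)."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key in REFLECT_CLASS_ATTRS:
                hits.append((path, key, value))
            hits.extend(find_class_attrs(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_class_attrs(item, f"{path}[{index}]"))
    return hits


def scan_schema_text(schema_text):
    """Parse schema JSON and return the reflect-attribute hits (raises on bad JSON)."""
    return find_class_attrs(json.loads(schema_text))


def is_safe_schema(schema_text):
    """True only for well-formed JSON with no reflect class attribute anywhere;
    malformed input is rejected rather than passed on to the Java parser."""
    try:
        return not scan_schema_text(schema_text)
    except json.JSONDecodeError:
        return False


# Constructed samples.
BENIGN_SCHEMA = json.dumps({
    "type": "record", "name": "Event",
    "fields": [{"name": "payload", "type": "string"}],
})
SUSPECT_SCHEMA = json.dumps({
    "type": "record", "name": "Event",
    "fields": [{"name": "payload",
                "type": {"type": "string", "java-class": "com.example.SomeClass"}}],
})

if __name__ == "__main__":
    for label, text in (("benign", BENIGN_SCHEMA), ("suspect", SUSPECT_SCHEMA)):
        print(label, "safe" if is_safe_schema(text) else scan_schema_text(text))
```

Run the check at the trust boundary (wherever schemas arrive from a registry, a message header or a client) in addition to upgrading to 1.11.4 or 1.12.0; it only covers the three attributes listed, so it complements the upgrade rather than replacing it.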

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

03 Oct 2024 — A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. • https://wiki.zimbra.com/wiki/Security_Center • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

03 Oct 2024 — A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. • https://wiki.zimbra.com/wiki/Security_Center • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 24 • EXPL: 0

03 Oct 2024 — DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because the length argument of a _memcpy call is derived from a byte that is sign-extended, leading to a heap-based buffer overflow. • https://www.forescout.com/resources/draybreak-draytek-research •
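The integer conversion chain behind that sign-extension bug, as an added example that models the bug class in Python rather than reproducing DrayTek's ft_payload_dns() code: a length octet read into a signed char is promoted to int with its sign preserved, and converting that negative int to memcpy's size_t parameter yields a value near 2**64. The record layout (one length octet then data), the 256-byte destination buffer and the 64-bit size_t are assumptions for illustration.

```python
# Added example modelling the sign-extension bug class described above; this
# is not DrayTek's ft_payload_dns() code.  Assumptions: a record is one length
# byte followed by data, the destination heap buffer is 256 bytes, and size_t
# is 64 bits wide.

SIZE_T_BITS = 64
SIZE_T_MASK = (1 << SIZE_T_BITS) - 1
HEAP_BUF_SIZE = 256  # assumed destination buffer size


def c_signed_char(byte_value):
    """Reinterpret an octet 0..255 as a C `signed char` (two's complement)."""
    return byte_value - 256 if byte_value > 127 else byte_value


def to_size_t(n):
    """C conversion of an int to size_t: reduce modulo 2**SIZE_T_BITS, so a
    negative int becomes a huge unsigned value."""
    return n & SIZE_T_MASK


def buggy_copy_length(payload):
    """Length as a sign-extending parser computes it: the length octet is read
    into a signed char, promoted to int (sign-extended), then converted to
    size_t for memcpy.  Octets 0x80..0xFF become 2**64-128 .. 2**64-1."""
    return to_size_t(c_signed_char(payload[0]))


def safe_copy_length(payload):
    """Correct handling: read the octet as uint8_t (never negative) and reject
    records whose length exceeds the destination buffer or the bytes actually
    present.  Returns None when the record must be dropped."""
    if not payload:
        return None
    length = payload[0]
    if length > HEAP_BUF_SIZE or length > len(payload) - 1:
        return None
    return length


def would_overflow(copy_length, buf_size=HEAP_BUF_SIZE):
    """True if memcpy(buf, src, copy_length) writes past a buf_size buffer."""
    return copy_length > buf_size


# Constructed records: a length octet with the top bit set, and a benign one.
HOSTILE_RECORD = bytes([0xFF]) + b"A" * 16
BENIGN_RECORD = bytes([5]) + b"ABCDE"

if __name__ == "__main__":
    for name, rec in (("hostile", HOSTILE_RECORD), ("benign", BENIGN_RECORD)):
        buggy = buggy_copy_length(rec)
        safe = safe_copy_length(rec)
        print(f"{name}: buggy length={buggy:#x} overflow={would_overflow(buggy)}; "
              f"safe length={safe}")
```

The same chain applies on 32-bit targets with SIZE_T_BITS set to 32; the point is that the sign of the intermediate int, not the width of size_t, is what turns a one-byte length into a wild copy.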

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2024 — A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. • https://www.forescout.com/resources/draybreak-draytek-research • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

03 Oct 2024 — A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 6

02 Oct 2024 — Linear eMerge e3-Series versions through 1.00-07 suffer from a remote command execution vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP. • https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.1 • EPSS: 0% • CPEs: 29 • EXPL: 0

02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV •

CVSS: 9.1 • EPSS: 0% • CPEs: 29 • EXPL: 0

02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV •

CVSS: 9.1 • EPSS: 0% • CPEs: 29 • EXPL: 0

02 Oct 2024 — A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code on the underlying operating system as the root user. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV •