CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24577 – libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`
https://notcve.org/view.php?id=CVE-2024-24577
Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. ... Depending on the application that uses libgit2, this could lead to arbitrary code execution. • https://github.com/libgit2/libgit2/releases/tag/v1.6.5 https://github.com/libgit2/libgit2/releases/tag/v1.7.2 https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8 https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE https://lists. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22514
https://notcve.org/view.php?id=CVE-2024-22514
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Un problema descubierto en iSpyConnect.com Agent DVR 5.1.6.0 permite a los atacantes ejecutar archivos arbitrarios restaurando un archivo de copia de seguridad manipulado. • https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5800 – Insufficient input validation in VAPIX API create_overlay.cgi
https://notcve.org/view.php?id=CVE-2023-5800
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. Vintage, miembro del programa AXIS OS Bug Bounty, descubrió que la API VAPIX create_overlay.cgi no tenía una validación de entrada suficiente que permitiera una posible ejecución remota de código. • https://www.axis.com/dam/public/89/d9/99/cve-2023-5800-en-US-424339.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2023-5677 – Insufficient input validation in VAPIX API tcptext.cgi
https://notcve.org/view.php?id=CVE-2023-5677
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. • https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24469
https://notcve.org/view.php?id=CVE-2024-24469
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través de delete_post .php. • https://github.com/tang-0717/cms/blob/main/2.md • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •