CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-24091
https://notcve.org/view.php?id=CVE-2024-24091
Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. Se descubrió que Yealink Meeting Server anterior a v26.0.0.66 contenía una vulnerabilidad de inyección de comandos del sistema operativo a través de la interfaz de carga de archivos. • https://www.yealink.com/en/trust-center/security-advisories/2f2b990211c440cf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-42282 – nodejs-ip: arbitrary code execution via the isPublic() function
https://notcve.org/view.php?id=CVE-2023-42282
This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources. • https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894 https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3 https://security.netapp.com/advisory/ntap-20240315-0008 https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only https://access.redhat.com/security/cve/CVE-2023-42282 https://bugzilla.redhat.com/show_bug.cgi?id=2265161 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45735 – Westermo Lynx Code Injection
https://notcve.org/view.php?id=CVE-2023-45735
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. Un potencial atacante con acceso al dispositivo Westermo Lynx podría ejecutar código malicioso que podría afectar el correcto funcionamiento del dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24577 – libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`
https://notcve.org/view.php?id=CVE-2024-24577
Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. ... Depending on the application that uses libgit2, this could lead to arbitrary code execution. • https://github.com/libgit2/libgit2/releases/tag/v1.6.5 https://github.com/libgit2/libgit2/releases/tag/v1.7.2 https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8 https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE https://lists. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22514
https://notcve.org/view.php?id=CVE-2024-22514
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Un problema descubierto en iSpyConnect.com Agent DVR 5.1.6.0 permite a los atacantes ejecutar archivos arbitrarios restaurando un archivo de copia de seguridad manipulado. • https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •